Hi,

After I made a brief comment on a mailinglist that said "don't mail as root", I got half a dozen replies asking for the reason, and I said I'll write it down for all:

Unix/Linux are multi-user operating systems. The goal is to be able to separate users from each other. There are only a few categories of users, and seen from the kernel's perspective, there are only two: user and superuser. The superuser on the system (root) has no restriction wrt what he can do in the system, whereas other users must conform to the (permission-) rules that the super user configured (when in doubt, that was the distributor).

From this perspective, it should be easy to see that using the least privilege possible and needed for a task is most secure. Especially in cases where a program uses data that comes from an untrusted source this is strongly advised. How do you know that a .jpg file that you received from your friend does indeed conform to the JPEG image compression standards? (netscape prior to version 4.74 had a bug in the jpeg handling code that could, if exploited by a specially crafted jpeg image, enable an attacker to execute arbitrary machine code on the machine the netscape browser runs on.)

The majority of programs do have this property (since you wish to have them do something, of course). The most suitable for the purpose of this mail are

* mail user agents (MUAs)
* chat clients (such as IRC)
* browsers (such as netscape)
* multi media players (such as mp3 players and image viewers)

If your mail program is written in poor style, it might contain a bug that allows an attacker to do nasty things with your machine. pine used to have such a bug a while ago, for example. If this happens as user root, the possible damage to your machine is not restricted in any way; if it happens as user foo, the attacker may still have to obtain root rights to gain complete access to the system.

Thanks,
Roman.

--
| Roman Drahtmüller <draht@suse.de>    // "Caution: Cape does
| SuSE GmbH - Security                 // not enable user to fly."
| Nürnberg, Germany +49-911-740530     // (Batman Costume warning label)
I've got an upcoming series of articles on linux and viruses. Minimizing root usage is a _very_ good thing. I go so far as to disable root's account by changing the password to *.

Kurt Seifried
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/
> I've got an upcoming series of articles on linux and viruses. Minimizing root usage is a _very_ good thing. I go so far as to disable root's account by changing the password to *.

:-) I hope that users don't do that. Changing the shadow field to "*" or "!" is what you mean. (The thing with * and ! used to be mentioned in some manpage; these characters may not even be in the target set of the crypt(3) algorithm.) This is how the passwd program under Linux locks a password: It just prepends a "!".

*** With a SuSE, you might experience problems with this method of securing the root account: You are required to enter the root password if you boot into single user mode or when your file system check failed at boot time.

> Kurt Seifried
> SecurityPortal, your focal point for security on the net
> http://www.securityportal.com/

Thanks,
Roman.

--
| Roman Drahtmüller <draht@suse.de>    "Caution: Cape does not
| SuSE GmbH - Security                 enable user to fly."
| Nürnberg, Germany                    (Batman Costume warning label)
> :-) I hope that users don't do that. Changing the shadow field to "*" or "!" is what you mean. (The thing with * and ! used to be mentioned in some manpage; these characters may not even be in the target set of the crypt(3) algorithm.) This is how the passwd program under Linux locks a password: It just prepends a "!".

Yes, setting to "*" via 'passwd' would be bad. Or MD5, etc. In general, setting the password field "manually" basically disables the account.

> *** With a SuSE, you might experience problems with this method of securing the root account: You are required to enter the root password if you boot into single user mode or when your file system check failed at boot time.

By the time you need to do that you may as well boot from a rescue floppy disk, at least that is my opinion.

> Thanks,
> Roman.

Kurt Seifried
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/
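The point both messages turn on is that a shadow hash field beginning with "!" or "*" can never match crypt(3) output, so such an account cannot log in with a password. The following audit script is an added example, not from either poster; it classifies constructed /etc/shadow lines (placeholder hashes, not real ones) the way an administrator would check which accounts are locked.

```shell
#!/bin/sh
# Added example: classify accounts by their shadow hash field.
# "!" prefix: locked by passwd -l (shadow-utils prepends "!").
# "*" prefix: locked by hand, common for system accounts.
# Empty field: no password at all, which is worse than an active hash.
# The lines below are constructed; the hashes are placeholders.

SAMPLE_SHADOW='root:!$1$placeholderhash:11000:0:99999:7:::
kurt:$1$placeholderhash:11000:0:99999:7:::
daemon:*:11000:0:99999:7:::
guest::11000:0:99999:7:::'

# shadow_status HASHFIELD -> prints "locked", "empty" or "active"
shadow_status() {
    case "$1" in
        '*'*|'!'*) echo locked ;;   # not in crypt(3)'s output alphabet
        '')        echo empty ;;    # passwordless login possible
        *)         echo active ;;   # a usable hash
    esac
}

# status_of ACCOUNT -> classification of that account in SAMPLE_SHADOW
status_of() {
    line=$(printf '%s\n' "$SAMPLE_SHADOW" | grep "^$1:") || { echo missing; return 1; }
    hash=$(printf '%s' "$line" | cut -d: -f2)
    shadow_status "$hash"
}

# active_accounts -> names of sample accounts that still accept a password
active_accounts() {
    printf '%s\n' "$SAMPLE_SHADOW" | while IFS=: read -r name hash rest; do
        if [ "$(shadow_status "$hash")" = active ]; then
            echo "$name"
        fi
    done
}

# Stand-alone run: print the audit for every sample account.
printf '%s\n' "$SAMPLE_SHADOW" | while IFS=: read -r name hash rest; do
    echo "$name: $(shadow_status "$hash")"
done
```

To audit a real system, replace SAMPLE_SHADOW with the contents of /etc/shadow (readable only as root); the SuSE caveat above still applies, since a locked root cannot authenticate at the single-user or fsck prompt.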