[opensuse] Re: Carelessness busts Linux security
Le 13/12/2009 15:02, Carlos E. R. a écrit :
Notice that installing a piece of software by root or admin is no different in windows or in linux.
not really true, for historical reasons. Linux, like Unix, is based *from the beginning* on the fact that applications are installed by root. period. no user is normally allowed to run apps (binaries) in they account. Of course, often, nowaday, root and the user are the same person, but unless you work routinely as root (what is largely advertised as unsecure), you have to make a choice when you go to root. This is done pretty often, but not at any moment. Windows behave very differently on this respect. If one look only superficially, windows users, like Linux, runs in they account, but Msoft lose a chance to make they system secure when issuing Windows 95. This Windows version was largely advertised as being only accessible for *registered* applications. That is only a programm *controlled* by Microsoft should be able to run on it. However when Windows 95 was launched it was not true and it's still not true. There was too any Applications that Microsoft didn't want to ban fron Windows to allow this. In this situation, most Windows programmers (not the microsoft ones, the large applications base ones) didn't take the burden of programming cleanly they apps and things didn't go better. It's nearly impossible to run a windows app without a large part of admin rights, let alone because many of the apps still write by default in "c:/programm files." subfolder. Microsoft could have made this better, but it noticed windows was still the number one of the OS, so why bother? the present solution of asking the user 10 times a day if he really want to do an admin task is the worst solution ever. At the first time the user says "no!". Notice nothing works. then say "yes!" each time, not even reading the message... I use side by side Linux and Windows machine, but with clean admin thinking and never got any viruses in more than ten years... but I know of many people that can't use they W computer, so heavily destroyed it is (including my own son :-() jdd -- http://www.dodin.net http://valerie.dodin.org http://news.opensuse.org/2009/04/13/people-of-opensuse-jean-daniel-dodin/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2009-12-13 at 17:27 +0100, jdd-gmane wrote:
Le 13/12/2009 15:02, Carlos E. R. a écrit :
Notice that installing a piece of software by root or admin is no different in windows or in linux.
not really true, for historical reasons.
Linux, like Unix, is based *from the beginning* on the fact that applications are installed by root. period. no user is normally allowed to run apps (binaries) in they account.
That's not my meaning. I mean that when, by whateer means, an app is intentionally installed (not accidentally), the person installing has todo the same type of decission: trust that software. That new piece of software is given some control over the machine. If the author or distributor is not bonafide, regardless of it being linux of windows, the end result is that you are, er... damaged. And as needing to be root etc, I know all that. A user in linux can not normally install (system) software, but the point is moot here, as the user is often also root and knows the password. By the way, you can enforce that type of security in windows, too. At my job, I can not install (system) software, which is sometimes a pain. On both sides, the user can usually install "local" software, on his home. I have something installed in "My Documents" in windows. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkslIEsACgkQtTMYHG2NR9WWVwCePgNMgTHjRwdJUYIdsk7FxOVg rhwAn2N63MBjqEZ5o9QlVJ2mjEK2jNIh =6C3d -----END PGP SIGNATURE-----
And as needing to be root etc, I know all that. A user in linux can not normally install (system) software, but the point is moot here, as the user is often also root and knows the password.
On both sides, the user can usually install "local" software, on his home. I have something installed in "My Documents" in windows.
Hi everyone Sorry to come in late on this but I think it selfish that a user be able to install just his set of software. It would be very difficult for him to install all the packages and put the libraries in his path. If root does it, everyone can share the libs and application. It also would make the server have to store all his applications just for his use. Google Earth is a good bad example. Anyone can install it so you are faced with a server having 200 copies of google earth. Love L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, 2009-12-13 at 18:44 +0100, lynn wrote:
And as needing to be root etc, I know all that. A user in linux can not normally install (system) software, but the point is moot here, as the user is often also root and knows the password. On both sides, the user can usually install "local" software, on his home. I have something installed in "My Documents" in windows. Hi everyone Sorry to come in late on this but I think it selfish that a user be able to install just his set of software. It would be very difficult for him to install all the packages and put the libraries in his path. If root does it, everyone can share the libs and application. It also would make the server have to store all his applications just for his use. Google Earth is a good bad example. Anyone can install it so you are faced with a server having 200 copies of google earth.
Mount /home as noexec, then they can't [except for interpreted code like python scripts, if they know how to invoke the interpreter themselves]. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 13 December 2009 18:55:00 Adam Tauno Williams wrote:
On Sun, 2009-12-13 at 18:44 +0100, lynn wrote:
And as needing to be root etc, I know all that. A user in linux can not normally install (system) software, but the point is moot here, as the user is often also root and knows the password. On both sides, the user can usually install "local" software, on his home. I have something installed in "My Documents" in windows.
Hi everyone Sorry to come in late on this but I think it selfish that a user be able to install just his set of software. It would be very difficult for him to install all the packages and put the libraries in his path. If root does it, everyone can share the libs and application. It also would make the server have to store all his applications just for his use. Google Earth is a good bad example. Anyone can install it so you are faced with a server having 200 copies of google earth.
Mount /home as noexec, then they can't [except for interpreted code like python scripts, if they know how to invoke the interpreter themselves].
Thanks. didn't know about that one. L -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2009-12-13 at 18:44 +0100, lynn wrote:
And as needing to be root etc, I know all that. A user in linux can not normally install (system) software, but the point is moot here, as the user is often also root and knows the password.
On both sides, the user can usually install "local" software, on his home. I have something installed in "My Documents" in windows.
Hi everyone Sorry to come in late on this but I think it selfish that a user be able to install just his set of software.
That is irrelevant to the discussion. We are talking about security, not convenience. The security given by users not being able to install software. The point here is that it needs to be root to install software, and that users are denied this privilege. But they can often install locally if they wish. And root can deny execution of those, too, as Adam says. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkslPkMACgkQtTMYHG2NR9XpDQCfcGe95ozXtzs2XfakzNdf7jOS /CMAnRjNYxo/kIaaOZxSDKlOcnsN8A6w =VMVF -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 12/13/2009 9:44 AM, lynn wrote:
And as needing to be root etc, I know all that. A user in linux can not normally install (system) software, but the point is moot here, as the user is often also root and knows the password.
On both sides, the user can usually install "local" software, on his home. I have something installed in "My Documents" in windows.
Hi everyone Sorry to come in late on this but I think it selfish that a user be able to install just his set of software. It would be very difficult for him to install all the packages and put the libraries in his path. If root does it, everyone can share the libs and application.
All well and true, but these days the vast majority of Linux installations are on PERSONAL computers, and as such there us usually exactly ONE user account, and that user also has root. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
On 12/13/2009 9:44 AM, lynn wrote:
Hi everyone Sorry to come in late on this but I think it selfish that a user be able to install just his set of software. It would be very difficult for him to install all the packages and put the libraries in his path. If root does it, everyone can share the libs and application.
All well and true, but these days the vast majority of Linux installations are on PERSONAL computers, and as such there us usually exactly ONE user account, and that user also has root. Now, how many normally log in as root? I rarely do, but when I need to do something as root, I'm asked for the password.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 13 December 2009 20:16:11 James Knott wrote:
Now, how many normally log in as root? I rarely do, but when I need to do something as root, I'm asked for the password.
There is no need to be a root all the time to make a damage, it is enough to know password, which is what you, and every other user that installed openSUSE/Linux knows. User mentioned in the first post installed trojan as he knew all that is needed to install it, and he wanted to do that as he was duped to believe that it is a screen saver. You can call that stupid, but everyone wants something very much and has lack of experience in particular field that makes him target. This user wasn't well informed about software sources and wanted screen saver, someone else will fall for in the same way for some other software. Outside the Linux and computer world people are paying too much for merchandise or services every day, and that is considered OK, as no one knows everything, but when one Linux user does similar thing, it is a big deal. -- Regards Rajko, openSUSE Wiki Team: http://en.opensuse.org/Wiki_Team People of openSUSE: http://en.opensuse.org/People_of_openSUSE/About -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 14 December 2009 01:01:51 John Andersen wrote:
On 12/13/2009 9:44 AM, lynn wrote:
And as needing to be root etc, I know all that. A user in linux can not normally install (system) software, but the point is moot here, as the user is often also root and knows the password.
On both sides, the user can usually install "local" software, on his home. I have something installed in "My Documents" in windows.
Hi everyone Sorry to come in late on this but I think it selfish that a user be able to install just his set of software. It would be very difficult for him to install all the packages and put the libraries in his path. If root does it, everyone can share the libs and application.
All well and true, but these days the vast majority of Linux installations are on PERSONAL computers, and as such there us usually exactly ONE user account, and that user also has root.
I always thought that it was the other way around. Linux was used on networks and rarely as a stand alone workstation. If that's not the case then I withdraw my comment about being selfish. Thanks for pointing this out. Lynn. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 14 Dec 2009 10:31:51 John Andersen wrote:
On 12/13/2009 9:44 AM, lynn wrote:
And as needing to be root etc, I know all that. A user in linux can not normally install (system) software, but the point is moot here, as the user is often also root and knows the password.
On both sides, the user can usually install "local" software, on his home. I have something installed in "My Documents" in windows.
Hi everyone Sorry to come in late on this but I think it selfish that a user be able to install just his set of software. It would be very difficult for him to install all the packages and put the libraries in his path. If root does it, everyone can share the libs and application.
All well and true, but these days the vast majority of Linux installations are on PERSONAL computers, and as such there us usually exactly ONE user account, and that user also has root.
But you should only use root when you absolutely have to. Some modern distros such as Debian don't even set up a root account login by default - they expect the user to do all admin tasks using sudo instead of root (swings and roundabouts apply). The important thing to realise is that processes launched by a user or under a users account can only run with the privileges/permissions granted to that user (excepting processes with the SUID bit set, which should be avoided wherever possible). This limits the amount of damage a process launched from a user account can do. Unfortunately, if you are logged in as root and don't think carefully about what you're doing, nothing can protect your system from you or any other rogue process launched during that time. Hands up anyone who's accidentally damaged/destroyed a system by typing 'rm -rf *' whilst logged in as root and being in the wrong directory (e.g. / :-()...you usually only do that once! -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au =================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 14 December 2009 06:56:02 Rodney Baker wrote:
Unfortunately, if you are logged in as root and don't think carefully about what you're doing, nothing can protect your system from you or any other rogue process launched during that time. Hands up anyone who's accidentally damaged/destroyed a system by typing 'rm -rf *' whilst logged in as root and being in the wrong directory (e.g. / :-()...you usually only do that once!
In a discussion about system protection people often repeat what root can do to system, while for personal computers is equally important what user can do. On the majority of personal computers user is synonym for a single user, computer owner. The system protection in that context is equivalent of the user data protection, as that is the only part of the system that can't be recovered if it is lost and user has no backup, so discussion how to protect system from the naive user should talk more about data protection. To remove all user data for good it is *not* necessary to be a root. What root adds to loss is about 30-40 minutes of pain to reinstall, and then some time to customize system. -- Regards Rajko, openSUSE Wiki Team: http://en.opensuse.org/Wiki_Team People of openSUSE: http://en.opensuse.org/People_of_openSUSE/About -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 15 Dec 2009 11:58:36 Rajko M. wrote:
On Monday 14 December 2009 06:56:02 Rodney Baker wrote:
Unfortunately, if you are logged in as root and don't think carefully about what you're doing, nothing can protect your system from you or any other rogue process launched during that time. Hands up anyone who's accidentally damaged/destroyed a system by typing 'rm -rf *' whilst logged in as root and being in the wrong directory (e.g. / :-()...you usually only do that once!
In a discussion about system protection people often repeat what root can do to system, while for personal computers is equally important what user can do.
On the majority of personal computers user is synonym for a single user, computer owner. The system protection in that context is equivalent of the user data protection, as that is the only part of the system that can't be recovered if it is lost and user has no backup, so discussion how to protect system from the naive user should talk more about data protection.
To remove all user data for good it is *not* necessary to be a root. What root adds to loss is about 30-40 minutes of pain to reinstall, and then some time to customize system.
That is true on a single- (or even multi-)user personal system. Unfortunately, I managed to do it to a live server supporting about 12 staff; I managed to kill the process when it was about half-way through removing /lib (it had already gotten through /etc, /bin, /home. Aaargh! I was logged in via ssh, but at least I was still logged in. Then I made the *really* stupid mistake of logging out, at which point all was lost as not even root could log in since /etc was gone! Had I realised that there were statically linked versions of restore and tar in /sbin I could have recovered the system from a backup before logging out. As it was, the system was down for several hours while the external support contractors located a boot disk with the correct versions of dump and restore on them to restore the backups. Needless to say, I wasn't the sysadmin there for much longer (and rightly so)! Oh well - you live and learn, sometimes the hard way ;-). -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au =================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (8)
-
Adam Tauno Williams -
Carlos E. R. -
James Knott -
jdd-gmane -
John Andersen -
lynn -
Rajko M. -
Rodney Baker