Does anyone know how i can give myself root permissions on my linux box. bec i have used Yast and put me in the root users group but it does not give me the permissions -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Ben Cuthbert wrote:
Does anyone know how i can give myself root permissions on my linux box.
bec i have used Yast and put me in the root users group but it does not give me the permissions
You don't want to do that... it is a big security hole! You can su to root from either the user command line or an xterm and do what every you wish. When you are done 'exit' will close the root 'window' and you are back to being just a user again. Running with root permission will lead to disaster because you will get causal and careless and destroy your system. You only want to be in root to do *specific* things, then exit back to a user. If you ever link to the internet as root you are asking for a world of hurt. JLK -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Hi, I'm risking the most stupid question of the year, but I do it anyway. I often hear things like "If you ever link to the internet as root you are asking for a world of hurt". Could anyone please explain what excactly can happen (and im not talking about my own stupidities) when I'm connected to the Internet as root? Sander Jerry L Kreps wrote:
Ben Cuthbert wrote:
Does anyone know how i can give myself root permissions on my linux box.
bec i have used Yast and put me in the root users group but it does not give me the permissions
You don't want to do that... it is a big security hole! You can su to root from either the user command line or an xterm and do what every you wish. When you are done 'exit' will close the root 'window' and you are back to being just a user again. Running with root permission will lead to disaster because you will get causal and careless and destroy your system. You only want to be in root to do *specific* things, then exit back to a user. If you ever link to the internet as root you are asking for a world of hurt. JLK
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
********************************************************************** Disclaimer This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Azlan Holdings bv and/or subsidiary. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please notify Azlan Holdings MIS Helpdesk by telephone on +31 (0) 79 3443200. ********************************************************************** -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Sander van Vugt wrote:
Hi,
I'm risking the most stupid question of the year, but I do it anyway. I often hear things like "If you ever link to the internet as root you are asking for a world of hurt".
Could anyone please explain what excactly can happen (and im not talking about my own stupidities) when I'm connected to the Internet as root?
Sander
Would you go off to work and leave the front door of your home open, with a sign on the door that says "Come on in, steal everything I have, my credit cards, my jewels, my stereo and tv, then burn the place down. My insurance doesn't care because it won't cover it." That's what is would be like connecting to the internet as root, except that you don't have to 'go to work'. You can be on your PC typing aways, as I am now, and some cracker could take control of your PC and do the what I mentioned above. Even though SuSE does a good job of installing a relatively safe system, running as root is a bad, bad thing to do, even if you don't connect to the Internet. JLK -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Sorry, but this isn't the answer I hoped for. When someone comes into my
house, because I left the front-door wide-open, in know the cause
(front-door wide open), the weak spot (it was open) and the results (credit
cards etc. gone). In this case anyone knows exactly that the week spot is my
door being open. It isn't obvious to me that my being logged in as root is a
week spot.
(BTW: This actually happended to me one night, lucky me, who lives in a
honest village of God-fearing people, nothing was stolen.)
Another example: If I log in to a Novell Netware 3.11 server, using the
account supervisor, I know someone can use this account, because of a
security-leak which was solved with packet signature.
What I'dd really like to know is: what can one do, because I am logged in as
user root, how do they do it (e.g. what weakness in this root-account are
they using), and what can be the results. And I'm especially curious how my
being logged in as user root relates to other security-measures I applied to
me system, like hosts.allow and hosts.deny, only relevant and secure
services enabled in inetd.conf, a nice securetty file and of course a
password different than my wive's first name.
Sander
----- Original Message -----
From: "Jerry L Kreps"
Sander van Vugt wrote:
Hi,
I'm risking the most stupid question of the year, but I do it anyway. I often hear things like "If you ever link to the internet as root you are asking for a world of hurt".
Could anyone please explain what excactly can happen (and im not talking about my own stupidities) when I'm connected to the Internet as root?
Sander
Would you go off to work and leave the front door of your home open, with a sign on the door that says "Come on in, steal everything I have, my credit cards, my jewels, my stereo and tv, then burn the place down. My insurance doesn't care because it won't cover it."
That's what is would be like connecting to the internet as root, except that you don't have to 'go to work'. You can be on your PC typing aways, as I am now, and some cracker could take control of your PC and do the what I mentioned above. Even though SuSE does a good job of installing a relatively safe system, running as root is a bad, bad thing to do, even if you don't connect to the Internet. JLK
********************************************************************** Disclaimer This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Azlan Holdings bv and/or subsidiary. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please notify Azlan Holdings MIS Helpdesk by telephone on +31 (0) 79 3443200. ********************************************************************** -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On 7 Mar 00, at 13:28, Sander van Vugt wrote:
Sorry, but this isn't the answer I hoped for. When someone comes into my house, because I left the front-door wide-open, in know the cause (front-door wide open), the weak spot (it was open) and the results (credit cards etc. gone). In this case anyone knows exactly that the week spot is my door being open. It isn't obvious to me that my being logged in as root is a week spot.
Think of this command-- rm -rf ./ -- now suppose you are logged in as yourself, only you have root privileges, and execute this command. Now, suppose you've been at the keyboard for hours, are a bit frazzled, and you're not in the directory you've assumed you're in, after all everyone makes mistakes.... Cheers, Dennis "Custard pies are a sort of esperanto: a universal language." --Noel Godin -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
I'm sorry to be a pain-in-the-ass, but if I understand it correctly, the
only downside of being logged in as root, is that I might be sleepy and do
something stupid to myself. I still don't see the security risk in relation
to potential hackers, like there was, for example in Netware 3.11.
----- Original Message -----
From: "Dennis Soper"
On 7 Mar 00, at 13:28, Sander van Vugt wrote:
Sorry, but this isn't the answer I hoped for. When someone comes into my house, because I left the front-door wide-open, in know the cause (front-door wide open), the weak spot (it was open) and the results (credit cards etc. gone). In this case anyone knows exactly that the week spot is my door being open. It isn't obvious to me that my being logged in as root is a week spot.
Think of this command-- rm -rf ./ -- now suppose you are logged in as yourself, only you have root privileges, and execute this command. Now, suppose you've been at the keyboard for hours, are a bit frazzled, and you're not in the directory you've assumed you're in, after all everyone makes mistakes....
Cheers, Dennis "Custard pies are a sort of esperanto: a universal language." --Noel Godin
********************************************************************** Disclaimer This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Azlan Holdings bv and/or subsidiary. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please notify Azlan Holdings MIS Helpdesk by telephone on +31 (0) 79 3443200. ********************************************************************** -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Tue, 07 Mar 2000, Sander van Vugt wrote:
I'm sorry to be a pain-in-the-ass, but if I understand it correctly, the only downside of being logged in as root, is that I might be sleepy and do something stupid to myself. I still don't see the security risk in relation to potential hackers, like there was, for example in Netware 3.11.
Okay, for instance; there are known bugs in ircii-based IRC clients (ircii, epic, BitchX, others) that would allow a foreign host to gain root access to your system when said client is attached to an IRC server as root. ircii's greatest strength is it's highly scriptable architecture, and it used to be as simple as a Tcl or PERL script that would allow your nemisis access to your own box. Don't IRC as root. Numerous applications have similar security holes that simply haven't been found yet. Consider for a moment all of the bugs that old FTP servers and old Sendmail's had; part of the problem was the fact that they were running the daemon as root, instead of a privelaged user. An assailant writes a bit of C to attach to the FTP daemon, causes a buffer overrun (the most common type of attacks these days), the daemon/application dies unexpectedly, and *!violla!* Root shell. Read some Usenet one of these days; it'll be an eye-opening experience. As a matter of fact, SuSE hosts an excellent (if slow) Security related list. That makes for good reading, too ;). -- -=|JP|=- Jon Pennington | Atipa Linux Solutions -o) jpennington@atipa.com | Kansas City, MO /\\ 816-241-2641 x121 | http://www.atipa.com _\_V -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Thanks a lot, now I don't only know that, by I also know why.
----- Original Message -----
From: "Jon Pennington"
On Tue, 07 Mar 2000, Sander van Vugt wrote:
I'm sorry to be a pain-in-the-ass, but if I understand it correctly, the only downside of being logged in as root, is that I might be sleepy and do something stupid to myself. I still don't see the security risk in relation to potential hackers, like there was, for example in Netware 3.11.
Okay, for instance; there are known bugs in ircii-based IRC clients (ircii, epic, BitchX, others) that would allow a foreign host to gain root access to your system when said client is attached to an IRC server as root. ircii's greatest strength is it's highly scriptable architecture, and it used to be as simple as a Tcl or PERL script that would allow your nemisis access to your own box. Don't IRC as root.
Numerous applications have similar security holes that simply haven't been found yet. Consider for a moment all of the bugs that old FTP servers and old Sendmail's had; part of the problem was the fact that they were running the daemon as root, instead of a privelaged user. An assailant writes a bit of C to attach to the FTP daemon, causes a buffer overrun (the most common type of attacks these days), the daemon/application dies unexpectedly, and *!violla!* Root shell. Read some Usenet one of these days; it'll be an eye-opening experience. As a matter of fact, SuSE hosts an excellent (if slow) Security related list. That makes for good reading, too ;).
-- -=|JP|=- Jon Pennington | Atipa Linux Solutions -o) jpennington@atipa.com | Kansas City, MO /\\ 816-241-2641 x121 | http://www.atipa.com _\_V
********************************************************************** Disclaimer This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Azlan Holdings bv and/or subsidiary. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please notify Azlan Holdings MIS Helpdesk by telephone on +31 (0) 79 3443200. ********************************************************************** -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Sander van Vugt wrote:
I'm sorry to be a pain-in-the-ass, but if I understand it correctly, the only downside of being logged in as root, is that I might be sleepy and do something stupid to myself. I still don't see the security risk in relation to potential hackers, like there was, for example in Netware 3.11.
Depends. 1) You leave yourself logged in and go for lunch. Somebody walks in and uses the machine. 2) Somebody breaks into your user account. Since you have a different password for the root account they don't get anywhere but if your user account has full root privileges? 3) Someone replaces ls,rm,df,more,less pick your favorite command with something nasty. You don't even need to replace the ones in /bin. You just put the fake ls command into a dir that you think the sysadmin will trip over. Say you know the sysadmin will get upset about all your diskuse and will come a do a ls in your home directory. If the persons path includes . higher then /bin they will use the one in . Thats just off the top of my head. I'm sure somebody else will come up with better examples. Nick -- -------------------------------------------------- Nick Zentena "Microsoft has unjustifiably jeopardized the stability and security of the operating system." U.S. District Judge Thomas Penfield Jackson Nov 5/1999 -------------------------------------------------- -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Sander van Vugt wrote:
Sorry, but this isn't the answer I hoped for. When someone comes into my house, because I left the front-door wide-open, in know the cause (front-door wide open), the weak spot (it was open) and the results (credit cards etc. gone). In this case anyone knows exactly that the week spot is my door being open. It isn't obvious to me that my being logged in as root is a week spot.
Oh, you want a technical answer... Do a ps aux from the command line or use KTop to look at all of the services you have running on your box. Do you see a couple of services marked 'httpd'?? That is the http deamon, which is running in memory and has attached itself to port 80 and listens for clients on that port. (You can view /etc/services to see all the port numbers and what services are attached to them.) Some pimple-faced anti-social script kiddie downloads some 'tools' from a cracker site and runs them. He scans the ports on your box and make connections with your port 80. Or perhaps your ftpd port. Then he transfers some trojan software to your box and and runs it. Or, he opens up a remote terminal on your box. You are running as root, so that means he is too. If you were running as a user the cracker would have to try and break into the root account in order to take over your box. That is above the abilities of most script-kiddies. Failing that, the best the script-kiddie can do is destroy your account and account files, after he robs you blind. The trojan software, usually with names identical to Linux system utilities like 'ls', will do what you would think 'ls' would do, but it has additional capabilities: emailing your password file back to the script-kiddie, stealing your personal info, or just doing malicious damage. Do you have cookies in your netscape subdirectory that perhaps contains your credit card numbers? Well, I hope you get the idea. Never run your system as root, even if you never connect to the internet... remember Jon's story of the tired user who executes the rm command and blows his entire directory structure away? JLK -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Tue, 07 Mar 2000, Jerry L Kreps wrote:
Sander van Vugt wrote:
Hi,
I'm risking the most stupid question of the year, but I do it anyway. I often hear things like "If you ever link to the internet as root you are asking for a world of hurt".
Could anyone please explain what excactly can happen (and im not talking about my own stupidities) when I'm connected to the Internet as root?
Sander
Would you go off to work and leave the front door of your home open, with a sign on the door that says "Come on in, steal everything I have, my credit cards, my jewels, my stereo and tv, then burn the place down. My insurance doesn't care because it won't cover it."
That's what is would be like connecting to the internet as root, except that you don't have to 'go to work'. You can be on your PC typing aways, as I am now, and some cracker could take control of your PC and do the what I mentioned above. Even though SuSE does a good job of installing a relatively safe system, running as root is a bad, bad thing to do, even if you don't connect to the Internet. JLK
LOL; perhaps it's not as simple as making a connection to the box and walking in `the front door', as Jerry put it, but it's certainly unwise. Anyway, why are you asking? Why would you log in as root unless you are doing *system*administration*? The root account (AKA Super User account) is *ONLY* for system administration when a privelaged user is not enough. Any time you use the root account, you're asking for real trouble, with or without an Internet connection. -- -=|JP|=- Jon Pennington | Atipa Linux Solutions -o) jpennington@atipa.com | Kansas City, MO /\\ 816-241-2641 x121 | http://www.atipa.com _\_V -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
LOL; perhaps it's not as simple as making a connection to the box and walking in `the front door', as Jerry put it, but it's certainly unwise. Anyway, why are you asking? Why would you log in as root unless you are doing *system*administration*? The root account (AKA Super User account) is *ONLY* for system administration when a privelaged user is not enough. Any time you use the root account, you're asking for real trouble, with or without an Internet connection.
You're perfectly right when you say that you only have to log in as root to do system administration, I totally agree, but the reason I am asking is that some people say you make it easy for a cracker to abuse your system when you are logged in as root and I have never heard any reasons why exactly that is so. Yes, I know you can do some really stupid things to your own system when you have to many rights on it, but it simply seems like a *myth* that my system is easier to hack when I'm logged in as root, so please, if it can be done, give me examples of *how* my system can be hacked then. As for why I'm asking? I consider Linux a good and secure system (if configured the right way), and I really like to know about weak point. Being logged in as root which gives more opportunities for the hacker seems a weak point to me. Luckily, I didn't hear anyone explain as for now where exactly this weak point exists and how a hacker can abuse it. Sander ********************************************************************** Disclaimer This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Azlan Holdings bv and/or subsidiary. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please notify Azlan Holdings MIS Helpdesk by telephone on +31 (0) 79 3443200. ********************************************************************** -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Hi Sander, Have a look at Jon's message - I couldn't have put it better myself. I'm just saying the same thing in another way (actually, I wrote this message earlier and it didn't get sent, and I don't want all that effort to be wasted ;-) ). Sander van Vugt wrote:
LOL; perhaps it's not as simple as making a connection to the box and walking in `the front door', as Jerry put it, but it's certainly unwise. Anyway, why are you asking? Why would you log in as root unless you are doing *system*administration*? The root account (AKA Super User account) is *ONLY* for system administration when a privelaged user is not enough. Any time you use the root account, you're asking for real trouble, with or without an Internet connection.
You're perfectly right when you say that you only have to log in as root to do system administration, I totally agree, but the reason I am asking is that some people say you make it easy for a cracker to abuse your system when you are logged in as root and I have never heard any reasons why exactly that is so. Yes, I know you can do some really stupid things to your own system when you have to many rights on it, but it simply seems like a *myth* that my system is easier to hack when I'm logged in as root, so please, if it can be done, give me examples of *how* my system can be hacked then.
It doesn't make your machine easier to get into initially. Instead, it's a case of: if someone *does* manage to gain access to your computer, you're in a lot more trouble if you're running as root (and hence have super user privelages) than if you were logged on as a single user. If, hypothetically, someone does gain access and you're logged in as yourself, then there's not much that person can do. They are limited to the same commands/privelages as you are. If, however, you are logged in as root and someone gains access... if they're out to cause as much damage as possible, etc., a simple 'rm -rf /' would be possible, since they can do *anything* to the system (and that would certainly give you some headaches...). In essence - if you're logged in as root, they don't have to make as much effort to gain total control as they do if they gain access to your user account. Hope that clears it up a bit, Chris -- __ _ -o)/ / (_)__ __ ____ __ Chris Reeves /\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005 _\_v __/_/_//_/\_,_/ /_/\_\ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
..or am I being paranoid. Hi People. I run SuSE 6.3 on one box, and Mandrake 7 on another. This incident occured on my Mandrake. I sent a HUP sig to inetd, so I don't know if this is the cause of it - I also created a new user (users group) just before. And for some reason, printing from this box, to my SuSE server produced a segmentation fault (in the lpd spool logs on SuSE server). Don't know if its related... In addition, root received mail on Mandrake (after this incident), with security warning subjects (I hardly ever check root's mail - there was mail from a month ago, at the exact same time, of a similar problem..) I only checked the logs after experiencing(hearing) extremely heavy disk activity. Any help greatly appreciated. /var/log/messages: Mar 8 00:03:10 jo300 : Security Warning: Change in Suid Root files found Mar 8 00:03:10 jo300 : - Added suid root files : /bin/mount Mar 8 00:03:10 jo300 : - Added suid root files : /bin/ping Mar 8 00:03:10 jo300 : - Added suid root files : /bin/su Mar 8 00:03:10 jo300 : - Added suid root files : /bin/umount Mar 8 00:03:10 jo300 : - Added suid root files : /home/vscan/BIN/EMSCAN.DA_ Mar 8 00:03:10 jo300 : - Added suid root files : /sbin/pwdb_chkpwd Mar 8 00:03:10 jo300 : - Added suid root files : /usr/X11R6/bin/Xwrapper Mar 8 00:03:10 jo300 : - Added suid root files : /usr/X11R6/bin/imwheel-solo Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/at Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/chage Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/chfn Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/chsh Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/crontab Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/dos Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/gpasswd Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/kppp Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/lpq Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/lpr Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/lprm Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/newgrp Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/passwd Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/procmail Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/rcp Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/rlogin Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/rsh Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/sperl5.00503 Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/ssh1 Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/suidperl Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/urpmi Mar 8 00:03:10 jo300 : - Added suid root files : /usr/bin/vboxbeep Mar 8 00:03:10 jo300 : - Added suid root files : /usr/libexec/pt_chown Mar 8 00:03:10 jo300 : - Added suid root files : /usr/sbin/sendmail Mar 8 00:03:10 jo300 : - Added suid root files : /usr/sbin/suexec Mar 8 00:03:10 jo300 : - Added suid root files : /usr/sbin/traceroute Mar 8 00:03:10 jo300 : - Added suid root files : /usr/sbin/userhelper Mar 8 00:03:10 jo300 : - Added suid root files : /usr/sbin/usernetctl Mar 8 00:03:10 jo300 : Mar 8 00:03:10 jo300 : Security Warning: Change in World Writeable Files found Mar 8 00:03:10 jo300 : - Added writables files : /home/antivir/INSTALL.DAT Mar 8 00:03:10 jo300 : - Added writables files : /home/vscan/BIN/EMSCAN.DA_ Mar 8 00:03:10 jo300 : Mar 8 00:03:10 jo300 : Security Warning: the following files aren't owned by an user : Mar 8 00:03:10 jo300 : - Removed un-owned files : /home/w3mir-1.0.8 Mar 8 00:03:10 jo300 : - Removed un-owned files : /home/w3mir-1.0.8/Artistic and around 8000 other 'un-owned files' were listsed, and removed.. (including many files in /usr/local/mysql, /usr/local/httpd and /usr/local/src - and yes, the kernel soures as well..) Mar 8 00:06:02 jo300 : Mar 8 00:06:02 jo300 : Security Warning: There is modifications for port listening on your machine Mar 8 00:06:02 jo300 : - Opened ports : tcp 0 0 *:7101 *:* LISTEN 6104/xfstt Mar 8 00:06:02 jo300 : - Opened ports : tcp 0 0 *:982 *:* LISTEN 5887/rpc.mountd Mar 8 00:06:02 jo300 : - Opened ports : tcp 0 0 *:977 *:* LISTEN 5887/rpc.mountd Mar 8 00:06:02 jo300 : - Opened ports : tcp 0 0 *:mysql *:* LISTEN 2509/ Mar 8 00:06:02 jo300 : - Opened ports : tcp 0 0 *:printer *:* LISTEN 1481/lpd Mar 8 00:06:02 jo300 : - Opened ports : tcp 0 0 *:www *:* LISTEN 743/httpd Mar 8 00:06:02 jo300 : - Opened ports : tcp 0 0 *:996 *:* LISTEN 393/ Mar 8 00:06:02 jo300 : - Opened ports : udp 0 0 *:980 *:* 5887/rpc.mountd Mar 8 00:06:02 jo300 : - Opened ports : udp 0 0 *:975 *:* 5887/rpc.mountd Mar 8 00:06:02 jo300 : - Opened ports : udp 0 0 *:994 *:* 393/ Mar 8 00:06:02 jo300 : - Opened ports : udp 0 0 *:948 *:* 347/ Mar 8 00:06:02 jo300 : - Closed ports : tcp 0 0 *:6000 *:* LISTEN 572/X Mar 8 00:06:02 jo300 : - Closed ports : tcp 0 0 *:7101 *:* LISTEN 469/xfstt Mar 8 00:06:02 jo300 : - Closed ports : tcp 0 0 *:996 *:* LISTEN 393/rpc.statd Mar 8 00:06:02 jo300 : - Closed ports : tcp 0 0 *:964 *:* LISTEN 357/rpc.mountd Mar 8 00:06:02 jo300 : - Closed ports : tcp 0 0 *:959 *:* LISTEN 357/rpc.mountd Mar 8 00:06:02 jo300 : - Closed ports : udp 0 0 *:994 *:* 393/rpc.statd Mar 8 00:06:02 jo300 : - Closed ports : udp 0 0 *:962 *:* 357/rpc.mountd Mar 8 00:06:02 jo300 : - Closed ports : udp 0 0 *:957 *:* 357/rpc.mountd Mar 8 00:06:02 jo300 : - Closed ports : udp 0 0 *:948 *:* 347/rpc.rquotad Mar 8 00:06:10 jo300 : Mar 8 00:06:10 jo300 : Security Warning: World Writeable files found : Mar 8 00:06:10 jo300 : - /home/antivir/INSTALL.DAT Mar 8 00:06:10 jo300 : - /home/vscan/BIN/EMSCAN.DA_ Mar 8 00:06:10 jo300 : - /usr/share/apps/kpacman/highScore Mar 8 00:06:10 jo300 : - /var/lib/linpopup/messages.dat Mar 8 00:06:10 jo300 : - /var/lib/texmf/ls-R Mar 8 00:06:10 jo300 : Mar 8 00:06:10 jo300 : Security Warning: these home directory should not be owned by someone else or writeable : Mar 8 00:06:10 jo300 : user=mysqladmin : home directory is owned by mysqladm. Regards, Jason. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Tue, 07 Mar 2000, Sander van Vugt wrote:
You're perfectly right when you say that you only have to log in as root to do system administration, I totally agree, but the reason I am asking is that some people say you make it easy for a cracker to abuse your system when you are logged in as root and I have never heard any reasons why exactly that is so. Yes, I know you can do some really stupid things to your own system when you have to many rights on it, but it simply seems like a *myth* that my system is easier to hack when I'm logged in as root, so please, if it can be done, give me examples of *how* my system can be hacked then.
Many internet clients - Netscape Navigator among them - have security holes in some versions, such that a malicious person can cause a command of HIS choosing to run on YOUR system. Some of these he has to embed in a web page and get you to look at the page; others he can insert into your system without you referencing his. The damage from such a command running on your system is likely to be much less severe if you aren't logged in as root.
As for why I'm asking? I consider Linux a good and secure system (if configured the right way), and I really like to know about weak point. Being logged in as root which gives more opportunities for the hacker seems a weak point to me. Luckily, I didn't hear anyone explain as for now where exactly this weak point exists and how a hacker can abuse it.
Sander
********************************************************************** Disclaimer
This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Azlan Holdings bv and/or subsidiary. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited.
If you have received this email in error please notify Azlan Holdings MIS Helpdesk by telephone on +31 (0) 79 3443200.
**********************************************************************
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Thanks to all for your extensive explanations. I'm happy, because I understand now. Before it was like my dad telling me not to do xyz. I asked why, he told me "because it is bad". So I did it anyway, until the day he could explain to me why exactly it was bad. Ciao, Sander ********************************************************************** Disclaimer This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Azlan Holdings bv and/or subsidiary. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please notify Azlan Holdings MIS Helpdesk by telephone on +31 (0) 79 3443200. ********************************************************************** -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
i denfinitely have to side with this one. No-one that I know uses root for common practice anyways. My personal beliefs are that someone is trying to break into a system, and figured we'd give good hacking advice. I definitely have to say, if this is the case than they should go somewhere else. just su!!! that's the best way if you need it. it was told before many times over. ryan --signatures are overrated--
-----Original Message----- From: Jon Pennington [mailto:jpennington@atipa.com] Sent: Tuesday, March 07, 2000 10:36 AM To: Jerry L Kreps; Sander van Vugt Cc: suse-linux-e@suse.com Subject: Re: [SLE] Making yourself have root permissions
On Tue, 07 Mar 2000, Jerry L Kreps wrote:
Sander van Vugt wrote:
Hi,
I'm risking the most stupid question of the year, but I do it anyway. I often hear things like "If you ever link to the internet as
root you are
asking for a world of hurt".
Could anyone please explain what excactly can happen (and im not talking about my own stupidities) when I'm connected to the Internet as root?
Sander
Would you go off to work and leave the front door of your home open, with a sign on the door that says "Come on in, steal everything I have, my credit cards, my jewels, my stereo and tv, then burn the place down. My insurance doesn't care because it won't cover it."
That's what is would be like connecting to the internet as root, except that you don't have to 'go to work'. You can be on your PC typing aways, as I am now, and some cracker could take control of your PC and do the what I mentioned above. Even though SuSE does a good job of installing a relatively safe system, running as root is a bad, bad thing to do, even if you don't connect to the Internet. JLK
LOL; perhaps it's not as simple as making a connection to the box and walking in `the front door', as Jerry put it, but it's certainly unwise. Anyway, why are you asking? Why would you log in as root unless you are doing *system*administration*? The root account (AKA Super User account) is *ONLY* for system administration when a privelaged user is not enough. Any time you use the root account, you're asking for real trouble, with or without an Internet connection.
-- -=|JP|=- Jon Pennington | Atipa Linux Solutions -o) jpennington@atipa.com | Kansas City, MO /\\ 816-241-2641 x121 | http://www.atipa.com _\_V
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
My personal beliefs are that someone is trying to break into a system, and figured we'd give good hacking advice. I definitely have to say, if this is the case than they should go somewhere else.
I'm really disappointed you think that as it is certainly *NOT* the case. But if that's what you think, I say thanks for nothing, I won't continue this thread anymore. ********************************************************************** Disclaimer This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Azlan Holdings bv and/or subsidiary. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please notify Azlan Holdings MIS Helpdesk by telephone on +31 (0) 79 3443200. ********************************************************************** -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Jerry L Kreps wrote:
Even though SuSE does a good job of installing a relatively safe system, running as root is a bad, bad thing to do, even if you don't connect to the Internet.
I know that's traditional Unix dogma and there's some wisdom to it. But I think the security aspect is overblown for machines that aren't connected to the outside world. You may need to worry about tsetse flies in tropical Africa, but they're not much of a problem in Newfoundland. I think of root usage as resembling the safety catch on my chainsaw. It helps to prevent accidents. On the other hand, if you spend much time tweaking your system, you're bound to have to operate as root a lot of the time anyway. There are a few ways of making root usage pretty easy: 1. Use sudo. 2. Open an xterm and immediately su to root 3. Assign a null password to root and remove the password field from root's entry in /etc/shadow. 4. Remember that `su -c "blah"' is your friend. Paul Abrahams -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Ben Cuthbert wrote:
Does anyone know how i can give myself root permissions on my linux box.
bec i have used Yast and put me in the root users group but it does not give me the permissions
Do you mean you put yourself, as a normal user, in the root group? That is *very* bad. You should have your normal login account as a member of the users group, then you use the su command to carry out root commands. The command you would use is 'su root' and then type in your root password. After this, you 'become' the root user, and any commands you type will be run as root, until you type exit. For more information of su, do a 'man su'. Hope that helps, Chris -- __ _ -o)/ / (_)__ __ ____ __ Chris Reeves /\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005 _\_v __/_/_//_/\_,_/ /_/\_\ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (11)
-
abrahams@valinet.com
-
benjamin.c@lineone.net
-
chris.reeves@iname.com
-
dsoper@clipper.net
-
jebs@ozemail.com.au
-
JerryKreps@alltel.net
-
jpennington@atipa.com
-
ryagatich@csn1.com
-
sander.van.vugt@azlan.nl
-
warrl@blarg.net
-
zentena@hophead.dyndns.org