On Tue, 07 Mar 2000, Sander van Vugt wrote:
You're perfectly right when you say that you only have to log in as root to do system administration, I totally agree, but the reason I am asking is that some people say you make it easy for a cracker to abuse your system when you are logged in as root and I have never heard any reasons why exactly that is so. Yes, I know you can do some really stupid things to your own system when you have to many rights on it, but it simply seems like a *myth* that my system is easier to hack when I'm logged in as root, so please, if it can be done, give me examples of *how* my system can be hacked then.
Many internet clients - Netscape Navigator among them - have security holes in some versions, such that a malicious person can cause a command of HIS choosing to run on YOUR system. Some of these he has to embed in a web page and get you to look at the page; others he can insert into your system without you referencing his. The damage from such a command running on your system is likely to be much less severe if you aren't logged in as root.
As for why I'm asking? I consider Linux a good and secure system (if configured the right way), and I really like to know about weak point. Being logged in as root which gives more opportunities for the hacker seems a weak point to me. Luckily, I didn't hear anyone explain as for now where exactly this weak point exists and how a hacker can abuse it.
Sander
********************************************************************** Disclaimer
This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Azlan Holdings bv and/or subsidiary. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited.
If you have received this email in error please notify Azlan Holdings MIS Helpdesk by telephone on +31 (0) 79 3443200.
**********************************************************************
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/