[802] in linux-security and linux-alert archive


Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Renegade)
Sun Jun 16 15:30:21 1996

Date: Thu, 13 Jun 1996 00:27:57 -0400
From: Renegade <renegade@dnaco.net>
To: linux-security@tarsier.cv.nrao.edu

Synthesizer Punk wrote:
> 
> 
>         The root account is nothing but an administration tool.  Whoever
> it was in the above quote (in my haste to prepare my mail, I didn't take
> heed of who it was, but credit for the sensible knowledge is due) has the
> right idea.  I often see people using IRC from root, which truly
> disgusts me.  Why compromise security like that?  Do not read mail from
> root, don't do user things as root, and please dear God don't IRC as root.
> All of those previously mentioned could make you a sitting target for a wily
> cracker or a conniving prank.  The root account is for doing things that
> regular users shouldn't be able to, a hidden command to create/destroy
> things.  Do as you wish, but you only compromise security.

	I would have to agree.  But I would like to point out at least
one thing that can be done for root mail security.  Many sendmail 
implementations have a dangerous default setup that amounts to a line
like this in the sendmail.cf file:

Mprog,          P=/bin/sh, F=lsDFMeu, S=10, R=20/40, D=$z:/,

	Basically, if an e-mail message begins like an sh shell script,
with a first line of:

#!/bin/sh

	The e-mail will be executed as a shell script (at the time
it is read).  Now, if you are reading mail as root:  BOOOOOOOM!
The shell script could open security holes and then erase itself
so that you don't even know what it did.  It could e-mail password
files to the perpetrator, and many other nasties.  One good solution
is to replace the "/bin/sh" in the Mprog line with "/bin/false" or something
similar.  Another good idea is to use the /etc/aliases file to make
all mail that is not addressed to an actual person go to the system
administrator.  I do this on all the systems I administer at work.
All mail to root, lp, postmaster, etc. is aliased to me.  This not only
helps notify you of problems without logging in as root, but eliminates the
possibility of a mail bomb being executed as root.

	I think the safest way to use the root account is to log in
as a regular user, and su to root only as necessary.  I play netrek and
see users connecting from root accounts.  This is probably just as bad
as using IRC as root.

	Renegade

--

// mailto:renegade@dnaco.net 
// http://www.dnaco.net/~renegade/
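As an added example, not part of Renegade's post and not sendmail's own code: a small POSIX shell script that checks the aliases side of the advice above. It reads an aliases file in the "name: target" format that sendmail's newaliases consumes (normally /etc/aliases), follows alias chains, and reports which system accounts would still have their mail land somewhere other than the named administrator. The sample aliases file is constructed here, and the account names and the administrator name "renegade" are assumptions. It says nothing about the sendmail.cf Mprog line; that part of the post is not exercised.

```sh
#!/bin/sh
# Added example, not from the original post: check that mail for system
# accounts is redirected to a real administrator via the aliases file.
# Assumptions: the file is in the "name: target" format that sendmail's
# newaliases reads (normally /etc/aliases); only the first recipient of a
# multi-recipient alias is followed.

# Write a constructed sample aliases file to the path given as $1.
make_sample_aliases() {
    cat > "$1" <<'EOF'
# constructed sample, not a real /etc/aliases
postmaster:     root
lp:             root
mailer-daemon:  postmaster
root:           renegade
# uucp and daemon deliberately left without an alias
EOF
}

# resolve_alias FILE NAME: follow the alias chain in FILE starting at NAME
# and print where the mail finally lands. Stops after 10 hops so an alias
# loop cannot hang the check.
resolve_alias() {
    rfile=$1; rname=$2; hops=0
    while [ "$hops" -lt 10 ]; do
        target=$(awk -v n="$rname" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }
            {
                i = index($0, ":"); if (i == 0) next
                key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
                if (key != n) next
                val = substr($0, i + 1)
                sub(/,.*/, "", val)                 # first recipient only
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                print val; exit
            }' "$rfile")
        [ -n "$target" ] || break
        rname=$target
        hops=$((hops + 1))
    done
    printf '%s\n' "$rname"
}

# unaliased_accounts FILE ADMIN ACCOUNT...: print each ACCOUNT whose mail
# does not end up at ADMIN, i.e. it would still sit in a system mailbox
# that someone might open as root.
unaliased_accounts() {
    ufile=$1; admin=$2; shift 2
    for acct in "$@"; do
        [ "$(resolve_alias "$ufile" "$acct")" = "$admin" ] || printf '%s\n' "$acct"
    done
}

# Demo run against the constructed sample.
demo() {
    tmp=$(mktemp)
    make_sample_aliases "$tmp"
    echo "root resolves to: $(resolve_alias "$tmp" root)"
    echo "accounts not reaching renegade:"
    unaliased_accounts "$tmp" renegade root lp postmaster mailer-daemon uucp daemon
    rm -f "$tmp"
}
demo
```

Run it against a real aliases file by replacing the sample path with /etc/aliases and the admin name with your own login; every account it prints is one whose mail would still pile up in a system mailbox. Remember that newaliases must be run after editing the file, or sendmail keeps using the old database.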
