From owner-freebsd-questions Sun Jul 2 1:34:21 2000 Delivered-To: freebsd-questions@freebsd.org Received: from operamail.com (OperaMail.com [199.29.68.79]) by hub.freebsd.org (Postfix) with ESMTP id D6CF337BAB5 for ; Sun, 2 Jul 2000 01:34:18 -0700 (PDT) (envelope-from bbarnes@operamail.com) X-WM-Posted-At: operamail.com; Sun, 2 Jul 00 04:37:10 -0400 X-WebMail-UserID: bbarnes Date: Sun, 2 Jul 2000 04:37:10 -0400 From: Bill Barnes To: cjclark@alum.mit.edu Cc: freebsd questions Subject: RE: Ports via FTP Message-ID: <398FACC7@operamail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit X-Mailer: InterChange (Hydra) SMTP v3.61.06 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG >===== Original Message From cjclark@alum.mit.edu ===== >On Sun, Jul 02, 2000 at 01:55:41AM -0400, Bill Barnes wrote: >> I created the wrong impression. It isn't FreeBSD that I'm worried about, it's >> the crackers. >> This afternoon and evening the download was stalled a lot and there is some >> offline peparation time and I've read there is significant risk in connecting >> to the internet as root. >> It doesn't matter too much right now because I just installed and haven't >> anything to lose. I was logged in as root for other maintenance and, frankly, >> forgot about that until I started the ftp. >> If i login as non-root, establish the internet connection, then su for the ftp >> process, does that eliminate the risk of 'root online'; or maybe I am worried >> about a non-problem. > >Hmmm... I'm still not quite understanding you. How do you log in as >non-root to establish the Internet conncetion, _then_ ftp after su'ing >to root. I mean, isn't the ftp connection the "Internet connection" we >are talking about? > >Crist J. Clark cjclark@alum.mit.edu Here's the configuration I might use. Login as non-root In screen 1 connect to my ISP and in the same screen execute Netscape In screen 2 (for comfort) bring up xterm and su, ftp Now I can browse, email, whatever while the ftp process does its thing. Hence, I am connected to a trusted machine and who knows what else. That sounds like my ftp connection is exposed thru the browser connections. But isn't the ftp connection exposed to an intruder anyway. Hope I don't appear too dense hear but I haven't the foggiest about cracker technology. Bill Barnes To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message