Date: Thu, 4 Oct 2001 07:56:40 +0000 (GMT)
From: Kris Kirby
Subject: Fortune Candidate (Was: [nlug] Re: Being Root in X....was Re: dog cussing mandrake 8.1)
Organization: Non Illegitemus Carborundum
Sender: owner-freebsd-chat@FreeBSD.ORG

See below:

"Think of all the nasty things you could do to yourself if you had a
split personality that didn't like you" <- that's the candidate.

-----
Kris Kirby, KE4AHR | TGIFreeBSD... 'Nuff said. |
-------------------------------------------------------
"Fate, it seems, is not without a sense of irony."

---------- Forwarded message ----------
Date: Thu, 4 Oct 2001 00:56:00 -0500
From: Rick Bradley
Reply-To: nlug@linuxlists.org
To: NLUG ListServ
Subject: [nlug] Re: Being Root in X....was Re: dog cussing mandrake 8.1

* William Turner (wjturner@home.com) [011004 00:30]:
> Just exactly what are the "bad things" that are supposed to happen?

I'm presuming you're asking this to get some responses into the archives
and not because you actually think there's nothing wrong with treating
the root account as a normal user account.

Here's some possibilities for ya:

 0 - scenario: someone walks up, clicks "terminal" on the pretty start
     bar, and then types rm -rf /

 1 - scenario: you drag /bin (or equivalent) to the trashcan (or
     equivalent) and hose your system -- this actually happened at
     Ascend^WLucent -- a friend of mine had to come in and clean up;
     Sun 450 running CDE but the principle's the same. Of course the
     WinNT-advocating bonehead didn't even get fired or shot in public.

 2 - you open yourself up to any number of now-deadly stupid symlink
     vulnerabilities, now-deadly buffer overflows, race conditions,
     etc., by doing this.

 3 - every process you run now by default runs as root. This is bad.
     This is like running Windows -- but on a system where you have
     enough rope to hang yourself and a group of your closest friends.
     I.e., it's like running Windows but it's a real operating system.

 4 - scenario: someone does (at an xterm in your session):

       # cat >> ~/.bash_profile
       export PATH=/tmp:$PATH
       ^D

 N - You are running as root. Principle of least privilege is not an
     arbitrary doctrine if you want to maintain availability, security,
     integrity, etc.

More evidence that running as root is bad: try running perldoc perlfunc
as root. You can't. There are plenty of good reasons for this.

Some of the problems have to do with physical security.
While physical security is always the foundation for broader security
(i.e., you could argue "well someone could just boot with their own
floppy if they want to screw my system" -- which is only as true as you
make it; it took me 45 minutes to begin loading media when I upgraded my
firewall last weekend because my firewall has no external drives, no
compiler, a password-protected BIOS (to which I'd forgotten the password
and none of the backdoors worked and the motherboard docs were lost 5
years ago (I figured out which jumper did the trick though)), and no
network downloading tools of any sort, and I didn't even own a working
floppy drive) there's no point in making it *easier* for someone to hose
your system/network (or worse things than breaking your system...).

When someone gains root access to your system they have the capability
in almost every case (other than probably sending gpg-encrypted emails
or other passphrase-controlled public key operations -- and that's only
temporary with a cracker or a key sniffer and access to your key files)
of *being* you for all practical purposes. Think about the really nasty
things you could do to yourself if you had a split personality that
really hated you...

The other problems are mostly issues of availability -- you're basically
very likely to ruin things and cause downtime, loss of data, and the
like. This is really where the bulk of the "don't run everything as
root" mentality comes from -- people who've been burned bad this way
don't tend to get burned again, and also make sure that people know how
bad an idea it is to run everything as root. A misplaced typo or thinko
(kill, rm, etc.) causes a lot more damage running as root.

Security-wise there are plenty of problems as well -- escalation of
privileges isn't tough when you're already escalated. Stupid little race
conditions and buffer overflows in mail readers, window managers, etc.,
suddenly become root compromises.
You're almost guaranteed to be network connected and since my email
address is now on your machine when you get compromised I become a
potential target -- however small the probability it's now higher that
someone starts attacking me because you ran X as root. And if that
happens then more bad shit starts happening. :-)

Rick
--
Mostly useless pseudo-random number: 239
Rick Bradley - http://xns.org/=rick@eastcore.net (75 F)
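
An added example, not part of the original post or the forwarded message: a defender-side check for the situation in item 4, where a world-writable directory such as /tmp ends up in a root shell's PATH. The function name audit_path and the finding labels are assumptions made for this example; it also reports relative entries and directories not owned by uid 0, which goes slightly beyond the one case in the message.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that would let another
# local user plant a program that a root shell then runs by name.
# audit_path prints one finding per line ("LABEL position entry") and
# always returns 0; the labels are this example's own.
audit_path() {
    list=$1:                      # extra ':' keeps a trailing empty entry
    old_ifs=$IFS
    set -f; IFS=:                 # split on ':' only, with globbing off
    set -- $list
    IFS=$old_ifs; set +f
    pos=0
    for dir in "$@"; do
        pos=$((pos + 1))
        case $dir in
            /*) ;;
            *)  # empty, '.', or any non-absolute entry resolves against $PWD
                echo "RELATIVE $pos ${dir:-<empty>}"
                continue ;;
        esac
        [ -d "$dir" ] || continue
        # -L follows symlinks (e.g. /bin -> usr/bin); -n prints numeric ids
        info=$(ls -ldLn "$dir" 2>/dev/null) || continue
        perms=$(printf '%s\n' "$info" | cut -c1-10)
        owner=$(printf '%s\n' "$info" | awk '{print $3}')
        case $perms in
            d???????w?) echo "WORLD-WRITABLE $pos $dir" ;;
        esac
        [ "$owner" = 0 ] || echo "NOT-ROOT-OWNED $pos $dir"
    done
    return 0
}

# Audit the PATH of the shell this runs in (run it from a root login
# shell to check the account the message is about).
audit_path "$PATH"
```

The position number matters because the shell searches PATH left to right: a flagged entry ahead of /bin or /usr/bin shadows every command in the directories after it.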