Re: "SRC=69.28.159."

From: Jon (wiseguy_at_ihug.co.nz)
Date: 12/11/04


Date: Sun, 12 Dec 2004 11:00:52 +1300

On Sat, 11 Dec 2004 03:29:08 -0500, Newsbox wrote:

> On Sat, 11 Dec 2004 02:08:55 -0500, Jon wrote:
>
>> On Sat, 11 Dec 2004 00:45:58 -0500, Newsbox wrote:
>>
>>> Details _DO_ matter, and anyone reading should note Mr. Trin's issue.
>>> He is right. Never run as superuser what will run as a regular,
>>> unprivileged user.
>>
>> Sorry to go slightly off topic and also sorry if this seems a stupid and
>> ignorant question but ... why shouldn't you run network apps as root and
>> how could something like whois be exploited?
>>
>> Thanks,
>
> No problem Jon to answer that, and it's a good question that probably many
> need to know the answer to. Thanks for asking !!
>
> Even when there are no "known vulnerabilities" or "published exploits" --
> of which there are very many (that probably most people are not
> immediately aware), even then, ...
>
> When you run as an unprivileged (normal) user, then any vulnerability or
> exploit (search zero day exploit) that may be deployed against the
> application, and which succeeds in running "arbitrary code", only gets to
> run that arbitrary code in the privileges of the user that was running
> the application. If the user is not allowed to (does not have ownership
> of) writing system files, then, in order to compromise the system, the
> attacker must then deploy a second vulnerability exploit before s/he can
> escalate the privilege (ownership) to change system files (much, much
> more difficult).
>
> If you run as root, whoever gets in, gets everything, right off. Very bad
> strategy if it can be avoided. It can be avoided by running as a normal
> user.
>
> I don't think whois has a vulnerability. If it doesn't, then there is no
> problem. But whois will run as a normal user and as such should always
> _be_ run as a normal user. If in fact there were a vulnerability in
> whois, for example, or an exploit for the (hypothetical) vulnerability,
> then whoever did exploit it (the dirty criminal!!) could access the
> system with the rights of whoever called the process. And a normal user
> doesn't have system rights, whereas root does.
>
> Mr. Trin was right and I did make a mistake. Do not make this mistake !!
>
> It's late here for me, and my spelling and typing may be less than
> perfect. But when it comes to security, details _do_ matter.

Thank you for your detailed answer, it makes sense :)

-- 
Jon
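
An added illustration of the point made in the quoted reply (not part of the original thread): the POSIX write-permission check applied to a small constructed file table, comparing what code running as root and as a normal user could modify. The paths, the user "jon" with uid/gid 1000, group id 4 and all mode bits are assumptions made up for the example.

```python
import stat
from collections import namedtuple

# Constructed sample: owner uid, group gid and mode bits of a few typical paths.
Entry = namedtuple("Entry", "path uid gid mode")
SAMPLE = [
    Entry("/etc/passwd", 0, 0, 0o644),
    Entry("/etc/shadow", 0, 42, 0o640),
    Entry("/usr/bin/whois", 0, 0, 0o755),
    Entry("/var/log/app.log", 0, 4, 0o664),
    Entry("/home/jon/.bashrc", 1000, 1000, 0o644),
]


def can_write(euid, gids, entry):
    """POSIX discretionary access check for write permission.

    Exactly one permission class applies: owner, else group, else other.
    Root (euid 0) bypasses the mode bits entirely. ACLs, capabilities,
    read-only mounts and immutable flags are ignored in this sketch.
    """
    if euid == 0:
        return True
    if euid == entry.uid:
        return bool(entry.mode & stat.S_IWUSR)
    if entry.gid in gids:
        return bool(entry.mode & stat.S_IWGRP)
    return bool(entry.mode & stat.S_IWOTH)


def blast_radius(euid, gids, entries=SAMPLE):
    """Paths that code running with these credentials could modify."""
    return [e.path for e in entries if can_write(euid, gids, e)]


if __name__ == "__main__":
    # Same hypothetical bug in a network client, two different callers.
    for label, euid, gids in (("root", 0, {0}), ("jon", 1000, {1000})):
        print(f"{label:5} -> {blast_radius(euid, gids)}")
```

Run as root, every entry in the table is writable; run as the normal user, only that user's own file is, which is the gap a second (privilege escalation) exploit would have to close.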

