Re: dangerous to leave root logged in?

• Previous message: Rincewind: "Re: dangerous to leave root logged in?"
• In reply to: Julia Thorne: "Re: dangerous to leave root logged in?"
• Next in thread: Keith Keller: "Re: dangerous to leave root logged in?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 30 Mar 2005 00:37:47 GMT

Julia Thorne <rimbaldi@nospam.tld> writes:

>On Mon, 28 Mar 2005 15:28:43 -0800, Keith Keller wrote:

>> The basis of the advice is to minimize the chance that, intentionally
>> or by accident, a dangerous command can be used by root. If all of
>> your root-authorized users are perfect all of the time, then there's
>> probably no problem with leaving a root shell available at all times.

>Oh come on. You guys are getting desperate now. You can't provide
>a concrete, *technical* answer to his question, he won't accept
>your religious *nix dogma, and you're grasping at straws now.

>Hmm. Users will make mistakes if they use a root shell that's
>already open, but they won't make those mistakes if they have to
>login first. No, sorry... it just doesn't make sense.

>Keeping root logged OUT most of the time seems like safe conservative
>advice, since it probably won't do any harm. But if there's a
>*technical* risk (not a personnel risk) in having a root shell open
>from one console, while another user is logged into another console,
>what IS it, exactly? If the root shell is a security hole when it's
>been open for an hour, isn't it a security hole during the 30 seconds
>that you'd have it open? If somebody on the LAN knows of a security
>vulnerability of open root logins, won't he have a script or program
>that watches for that root login and exploits it the instant that
>it appears?

>So... what IS that vulnerability? I wouldn't be surpised to hear
>that there is one (I'd be surprised if there isn't), but what IS
>that vulnerability? This question comes up frequently, and nobody
>ever has an informed, useful answer- just insults for the questioner,

?? Perhaps noone answers it for you because you do not read. It is easy not
to see with your eyes closed.

Any program that root runs increases the chances of a root comprimise due
to bugs in the program. X is a huge system with many many parts, and the
chances of bugs in X is large (never mind the chances of misconfigurations
-- eg root's .xhost having a + on its own in which case anyone in the world
can connect to and read teh X session running on the machine. )

So, the fewer the programs running and the more those programs have been
vetted for holes ( and are therefor relatively simple programs), the better.

Is it a disaster to run as root? No. Can you make mistakes? Yes ( just a
couple of weeks ago I was doing some work on a remote machine. I wanted to
shut down my laptop and issued a halt instruction. It was only later I
found that I had actually beenn logged into the remote machine when I
issued the instruction. That machine, a server, was shut down for 3 days
until I could get to it. This all of course occured on a weekend when noone
else was aroung to restart the server.)

Is it silly to run as root? Not if you need to but you should make sure
that it is on a need to basis.

If you leave root logged into a console then anyone with access to the
machine immediately has root access. Is that acceptable? It depends on who
has access.

>and advice like "If you weren't stupid, you'd use <insert name of
>software here>", "You post to Usenet with a Windoze program, so
>you shouldn't be allowed to ask questions about Linux!"... as if
>people should post to Usenet using the company SERVER, instead of
>their desktop machine.

>***
>Most of the opinions preached here, regarding how things should
>be done, seem to be based on corporate experience in situations
>where anybody and his dog could wander in & out of the machine
>room unwatched and unsupervised. Those experiences don't prove
>that root access is bad; they prove that you should have locked
>the door to your office. Or that the boss should stop giving
>group tours of the IT department to all visitors. ;-)

>I can't believe how many of you suggest remote "secure" login as
>a solution to the problem. How could anybody possibly believe
>that remote root login is safer than console-only root login??

It depends on the attack vector.

>Maybe my viewpoint on "secure remote access" is different because:
>A: I don't use a Linux GUI.
>B: I don't work in a corporate IT environment, "helped" by the
> half-trained chimpanzees that serve as IT employees nowdays.
>C: I run Web/Mail/FTP servers, where those chimpanzees (when
> they go home for the night) spend all their time banging on
> my Web server with bananas, trying to hack in.

>Wait... I wandered off the thread topic... Oh, yeah: what is the
>danger of an open root shell login being exploited by another
>user on the network?

• Previous message: Rincewind: "Re: dangerous to leave root logged in?"
• In reply to: Julia Thorne: "Re: dangerous to leave root logged in?"
• Next in thread: Keith Keller: "Re: dangerous to leave root logged in?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]