Re: dangerous to leave root logged in?
From: Keith Keller (kkeller-usenet_at_wombat.san-francisco.ca.us)
Date: 03/30/05
Date: Tue, 29 Mar 2005 19:40:46 -0800
On 2005-03-29, Julia Thorne <rimbaldi@nospam.tld> wrote:
> On Mon, 28 Mar 2005 15:28:43 -0800, Keith Keller wrote:
>
>> The basis of the advice is to minimize the chance that, intentionally
>> or by accident, a dangerous command can be used by root. If all of
>> your root-authorized users are perfect all of the time, then there's
>> probably no problem with leaving a root shell available at all times.
>
> Oh come on. You guys are getting desperate now. You can't provide
> a concrete, *technical* answer to his question, he won't accept
> your religious *nix dogma, and you're grasping at straws now.
I am grasping at nothing. I already stated in this thread that there are
probably no technical problems with what he wants to do! (Of course, I
CMA too: I said *probably*, not *definitely*.) And it is hardly
religious dogma: things like what I describe have actually happened.
Well, almost, in my case: I caught the person before she could do
anything bad. But what if I hadn't been there looking over her
shoulder?
> Hmm. Users will make mistakes if they use a root shell that's
> already open, but they won't make those mistakes if they have to
> login first. No, sorry... it just doesn't make sense.
Of course it does. The mistake might be that the user doesn't even
realize he's typing into a root shell. If he just typed the root
password 30 seconds ago, it's unlikely (though of course possible) that
he'll forget he's currently using a root shell. But if he has four
xterms open, one of which is a root shell, he might accidentally get the
focus into the wrong one.
> I can't believe how many of you suggest remote "secure" login as
> a solution to the problem. How could anybody possibly believe
> that remote root login is safer than console-only root login??
Nobody has suggested this. They've suggested not to have idle root
logins running at all, remote or otherwise. The ''solution'' you are
misunderstanding is to log in remotely, do your business, and *log out
when done*, as opposed to leaving a running console open. Of course,
the best solution is to walk to the console, log in, do your business,
and log out when done. If that's what the OP wants to do, rather than
log in remotely, that's fine. But the two components, login remotely
and logout when done, are completely orthogonal to each other.
> Maybe my viewpoint on "secure remote access" is different because:
> A: I don't use a Linux GUI.
> B: I don't work in a corporate IT environment, "helped" by the
> half-trained chimpanzees that serve as IT employees nowadays.
> C: I run Web/Mail/FTP servers, where those chimpanzees (when
> they go home for the night) spend all their time banging on
> my Web server with bananas, trying to hack in.
I don't see how any of the above justifies leaving an idle root shell
open, especially if there are other ways of doing the same thing. I
would like to see an example of what you believe is a situation that
*requires* an idle root shell running at all times. Thus far in this
thread, I haven't seen any such examples.
--keith
-- kkeller-usenet@wombat.san-francisco.ca.us (try just my userid to email me) AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom see X- headers for PGP signature information
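
Added example, not part of the original post or thread: one way to audit for the idle root logins discussed above is to parse `who -u` and report root sessions whose idle time exceeds a limit. It assumes the GNU coreutils `who -u` column layout; the function names, the 15-minute limit and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag root login sessions that have sat idle too long.
# Assumed input format (GNU coreutils `who -u`):
#   NAME LINE DATE TIME IDLE PID [COMMENT]
# IDLE is "." (active within the last minute), "HH:MM", or "old" (over 24h).

# idle_root_sessions MAX_MINUTES
# Reads `who -u` lines on stdin and prints "LINE MINUTES" for every root
# session that has been idle for more than MAX_MINUTES.
idle_root_sessions() {
    awk -v max="$1" '
        $1 != "root" { next }            # only root logins are of interest
        {
            idle = $5
            if (idle == ".")        mins = 0
            else if (idle == "old") mins = 1440   # reported as "at least a day"
            else { split(idle, t, ":"); mins = t[1] * 60 + t[2] }
            if (mins > max) print $2, mins
        }'
}

# Constructed sample of `who -u` output (not captured from a real system).
sample_who_output() {
    cat <<'EOF'
root     tty1         2005-03-29 09:12 04:31        1201
keith    pts/0        2005-03-29 18:02   .          2210 (:0.0)
root     pts/1        2005-03-29 19:38 00:02        2304 (:0.0)
root     pts/2        2005-03-28 08:00  old         1187 (:0.0)
EOF
}

# On a live system: who -u | idle_root_sessions 15
sample_who_output | idle_root_sessions 15
```

`who -u` only lists login records, so a root shell started with `su` inside a user's xterm is recorded under that user and will not be reported here. For those shells, bash's `TMOUT` variable set in root's profile ends an interactive shell after the given number of idle seconds.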