Re: unauthorized access to unix systems?

From: Felix Zaslavskiy (felix@students.poly.edu)
Date: 01/20/03


From: "Felix Zaslavskiy" <felix@students.poly.edu>
Date: Mon, 20 Jan 2003 08:10:37 GMT


> The number of holes available to someone who is on a machine is in
> general much greater than for someone not on the machine. Thus suid
> programs, which are not visible from outside, can often have holes. If
> the suid writer is careless and lets the program have root privileges
> too long, then it can be eminently attackable.
>
> Thus you can run buffer overflow attacks etc on internal programs.
> You can also install trojans and fake programs (eg ls in /tmp which when
> root runs ls and happens to have . in his path before /bin, there you
> have root.) The usual rule of thumb is that if a good cracker gets onto
> a machine by whatever means, he can get root.

It does not matter how good a cracker with a user account is; it all depends
on how many restrictions are placed on the user account.

A machine with very few restrictions short of giving write privileges to
/etc/passwd to other users (similar to a development machine I run for
general learning purposes) would be easier to crack than a machine where
users are seen as potential attackers.

If, say, read access to the /etc directory is denied to users and execution
of programs such as top, fstat, strace, netstat, gcc is also denied, in
addition to leaving a very limited set of setuid programs around, this would
make it very difficult to gain root with a user account even for a pro
cracker.
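
A defender-side check for the "`.` in root's path before /bin" case described in the quoted text, as an added example that is not part of the original post. `audit_path` is a hypothetical helper name and the sample PATH value is constructed.

```sh
#!/bin/sh
# Added example: flag PATH entries where a local user could plant a fake
# command (the "ls in /tmp" case). audit_path is a hypothetical helper name.
# Prints one tab-separated finding per risky entry: entry, reason, order.
# Exit status is 0 when the PATH is clean and 1 when anything was flagged.
audit_path() (
    rest="$1:"        # trailing ":" so every entry ends with a separator
    seen_system=0     # becomes 1 once /bin or /usr/bin has been searched
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        reason=
        case $entry in
            ''|.) reason="current directory" ;;   # empty entry also means cwd
            /*)   # absolute: risky if any user may create files in it
                  case $(ls -ldL "$entry" 2>/dev/null) in
                      d???????w*) reason="world-writable directory" ;;
                  esac ;;
            *)    reason="relative directory" ;;
        esac
        case $entry in /bin|/usr/bin) seen_system=1 ;; esac
        if [ -n "$reason" ]; then
            findings=$((findings + 1))
            # An entry searched before the system directories shadows real
            # commands; one searched after them only catches missing names.
            if [ "$seen_system" -eq 0 ]; then
                order="before /bin"
            else
                order="after /bin"
            fi
            printf '%s\t%s\t%s\n' "${entry:-<empty>}" "$reason" "$order"
        fi
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample: "." ahead of /bin, as in the quoted scenario.
audit_path ".:/bin:/usr/bin" || true
```

Run as root with `audit_path "$PATH"` to check the path root's own shell actually uses.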


