Re: Compromise of the nobody account?



mike3 <mike4ty4@xxxxxxxxx> writes:


> Then why include nobody anymore anyway? Why not just drop it?

Because it is useful to have a user available who has no privileges to run
stuff, just to maintain security. Also it is the default for root on NIS
systems, to stop root on system A from being able to screw things up on a
filesystem mounted from B.



> The cracker gets a shell with "nobody". The cracker then deploys
> a program into /tmp. The cracker is "cd"ed into /tmp so then just
> uses "./program" to launch and execute the program.

So what? That program cannot do anything except what nobody is allowed to
do, which is probably less than most other users. I.e., it is no more
dangerous than running a program as mike4ty4.



> Might not tampering with temp files that get used by programs(*)
> potentially (depending on the design and bugs in the program) allow
> for a security hole of some sort to be exploited, and hence leaving

No, because nobody cannot do anything to those files. He does not own them.



> So then if I log in as nobody, dump an executable into /tmp, then
> try and launch it, I can't?

Sure you can. But what can that program do?




> So then would I be right in assessing that a cracker who has
> compromised nobody would have no more control over the machine than
> one who compromised any ordinary user account?

Yes. More likely less.
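As an added example (not part of the original thread or either poster's words), here is a small POSIX shell audit that checks the two properties the reply leans on: that "nobody" is an ordinary, non-root account with no login shell, so a program started as nobody gets no more rights than any other unprivileged user; and that a shared scratch directory such as /tmp carries the sticky bit, which is what stops one user from removing or renaming temp files owned by another. The passwd entries embedded below are constructed sample data, and the function names (`passwd_entry_ok`, `sticky_ok`, `report_account`, `report_dir`) are this example's own.

```shell
#!/bin/sh
# Added example: audit whether an account like "nobody" is really unprivileged
# and whether a world-writable scratch directory is protected by the sticky bit.
# SAMPLE_PASSWD is constructed test data, not copied from a real host.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
svc:x:1001:1001:service account:/home/svc:/bin/sh'

# passwd_entry_ok NAME PASSWD_TEXT
# returns 0 if NAME exists with a non-zero uid and a non-login shell,
# 1 if it exists but is uid 0 or has a real login shell, 2 if it is missing.
passwd_entry_ok() {
    name=$1
    text=$2
    line=$(printf '%s\n' "$text" | grep "^$name:" || :)
    [ -n "$line" ] || return 2
    uid=$(printf '%s\n' "$line" | cut -d: -f3)
    shell=$(printf '%s\n' "$line" | cut -d: -f7)
    [ "$uid" -ne 0 ] || return 1
    case "$shell" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# sticky_ok DIR
# returns 0 if DIR is not world-writable, or is world-writable with the
# sticky bit set (ls mode string ends in t or T); 1 if it is world-writable
# without the sticky bit; 2 if DIR does not exist.
sticky_ok() {
    dir=$1
    [ -d "$dir" ] || return 2
    mode=$(ls -ld "$dir" | cut -c1-10)   # e.g. drwxrwxrwt for a sticky /tmp
    case "$mode" in
        *t|*T) return 0 ;;
        d???????w?) return 1 ;;
        *) return 0 ;;
    esac
}

# report_account NAME PASSWD_TEXT: print a one-line verdict (always returns 0)
report_account() {
    passwd_entry_ok "$1" "$2"
    rc=$?
    case $rc in
        0) echo "$1: unprivileged, no login shell" ;;
        2) echo "$1: no such account" ;;
        *) echo "$1: WARNING uid 0 or login shell present" ;;
    esac
}

# report_dir DIR: print a one-line verdict (always returns 0)
report_dir() {
    sticky_ok "$1"
    rc=$?
    case $rc in
        0) echo "$1: ok (not world-writable, or sticky bit set)" ;;
        2) echo "$1: no such directory" ;;
        *) echo "$1: WARNING world-writable without sticky bit" ;;
    esac
}

# Demonstration: first on the constructed data, then on the live host if readable.
report_account nobody "$SAMPLE_PASSWD"
report_account root "$SAMPLE_PASSWD"
report_account svc "$SAMPLE_PASSWD"
if [ -r /etc/passwd ]; then
    report_account nobody "$(cat /etc/passwd)"
fi
report_dir /tmp
```

On the constructed data the script reports nobody as unprivileged, root as uid 0, and svc as having a login shell; the last two lines repeat the checks against the running system's /etc/passwd and /tmp, which is the part worth keeping in a hardening checklist.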

