
Re: Username length inconsistencies.



On Sun, May 31, 1998 at 09:22:40PM -0400, Alex Yukhimets wrote:
> > I know that this is a bit of a side issue, but what are the consequences
> > of giving root a different user name? I have done it in test installs and
> > "frog" was able to log in with root privilege, but I haven't held onto
> > such a system long enough to see what might break.

I think I've heard of people doing such things to make cracking root
slightly more difficult (you can't login as "root" and guess passwords
anymore, you've got to guess usernames, as well, eg), or, alternatively,
so you can make a dummy user with the name "root", so if people do crack
that account they don't get quite as much power as they'd hoped.

I can't say that I think it's a particularly useful security measure,
but it's a possible one.

> Installation script for my program (WXftp) will break :)
> It checks whether it is being run by the "root" user.
> dh_testroot from debhelper does exactly the same, btw.

Ugh.

TTBOMK, it's generally better to test for uid 0 than any particular
username, so dh_testroot should probably have something like the following
patch applied:

--- /usr/bin/dh_testroot	Tue Mar 31 14:50:14 1998
+++ dh_testroot_new	Mon Jun  1 12:12:24 1998
@@ -5,6 +5,6 @@
 PATH=debian:$PATH:/usr/lib/debhelper
 . dh_lib
 
-if  [ "`whoami`" != root ]; then
+if  [ "`id -u`" != 0 ]; then
 	error "You must run this as root."
 fi
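
Review bot: the added test on the "id -u" line is a string comparison against 0, which is the right choice here and worth a one-line comment saying so. id prints the effective uid as a plain decimal, so root yields exactly "0", and if id fails and prints nothing the empty string still differs from "0" and the error branch is taken, so the check fails closed; a numeric -ne would instead raise a test error on empty input. The message "You must run this as root." still names root while the condition is now uid 0, so consider wording it in terms of uid 0 or superuser privilege so that a renamed uid-0 account is not told something misleading.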

Are there any problems with doing things this way?

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. PGP encrypted mail preferred.

      ``It's not a vision, or a fear. It's just a thought.''
