Re: root access and dselect | ftp
kotsya@u.washington.edu (David Stern) writes:
> What I'm trying to do is make my ppp connection as secure as possible,
> and one of the first things I realized is that whenever I'm running
> dselect, I'm root, and that I might be connected to the internet for
> long enough such that my ip address could be attacked, and I know there
> are different types of attacks, and my assumption was that if I'm
> running as root, then it would conceivably be possible to get root
> access.
You're not "connected to the net running as root."
Your computer is connected to the net, making all the services in
/etc/inetd.conf and provided by other daemons that are started in
/etc/init.d available to the rest of the Internet. Make sure you
comment out services in /etc/inetd.conf that you don't need, set up
/etc/hosts.allow and /etc/hosts.deny appropriately, maybe set up IP
firewalling, and restrict access to all other services (e.g. for
Samba, with "bind interfaces only = true"). Too many of these
services (IMHO) run as root.
The other way for someone to access your computer is by the programs
you run to access Internet services. For example, if you select a
link to a Postscript file and look at it using a viewer that allows
file operations, it could try to append the line below to your
/etc/passwd:
carrot::0:0:/:/bin/sh
This is a simple example of why you shouldn't browse the web (or run
unknown programs) as root. (Another reason is that if something goes
wrong, "rm -rf /" does less damage as a user.)
--
Carey Evans http://home.clear.net.nz/pages/c.evans/
GNU GPL: "The Source will be with you... always."
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: