Re: root access and dselect | ftp

To: debian-user@lists.debian.org
Subject: Re: root access and dselect | ftp
From: kotsya@u.washington.edu (David Stern)
Date: Wed, 25 Feb 1998 11:57:26 -0800
Message-id: <[🔎] m0y7mxL-0001aBC@localhost>
In-reply-to: Your message of "22 Feb 1998 20:04:41 +1300." <[🔎] 87g1lcm86u.fsf@psyche.evansnet>

On 22 Feb 1998 20:04:41 +1300, Carey Evans wrote:
> kotsya@u.washington.edu (David Stern) writes:
> 
> > What I'm trying to do is make my ppp connection as secure as possible, 
> > and one of the first things I realized is that whenever I'm running 
> > dselect, I'm root, and that I might be connected to the internet for 
> > long enough such that my ip address could be attacked, and I know there 
> > are different types of attacks, and my assumption was that if I'm 
> > running as root, then it would conceivably be possible to get root 
> > access.
> 
> You're not "connected to the net running as root."

Why not?  I'm root.  I'm running ftp on the net.

> Your computer is connected to the net, making all the services in
> /etc/inetd.conf and provided by other daemons that are started in
> /etc/init.d available to the rest of the Internet.  Make sure you
> comment out services in /etc/inetd.conf that you don't need, set up
> /etc/hosts.allow and /etc/hosts.deny appropriately, maybe set up IP
> firewalling, and restrict access to all other services (e.g. for
> Samba, with "bind interfaces only = true").  Too many of these
> services (IMHO) run as root.

The home LAN is still a little ways off, but I thought most system 
services needed to be run as root.  I have pretty restrictive 
/etc/hosts.* and ipfwadm setup as well as firewalling compiled into the 
kernel.  Services are attacted through the ports directly, I think, so 
I've tried to make that safe.

> The other way for someone to access your computer is by the programs
> you run to access Internet services.  For example, if you select a
> link to a Postscript file and look at it using a viewer that allows
> file operations, it could try to append the line below to your
> /etc/passwd:
> 
> carrot::0:0:/:/bin/sh
>
> This is a simple example of why you shouldn't browse the web (or run 
> unknown programs) as root.  (Another reason is that if something goes
> wrong, "rm -rf /" does less damage as a user.)

This is why I was asking about dselect | ftp, because if I'm root, and 
I'm running ftp via dselect, then isn't this exactly what you're 
telling me not to do?

-- 
David Stern                          
------------------------------------------------------------------
                             http://weber.u.washington.edu/~kotsya
                                           kotsya@u.washington.edu




--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: root access and dselect | ftp
  - From: Martin Bialasinski <martin@internet-treff.uni-koeln.de>

References:
- Re: root access and dselect | ftp
  - From: Carey Evans <c.evans@clear.net.nz>

Prev by Date: Re: Sendmail...
Next by Date: Re: Perms on LPRng
Previous by thread: Re: root access and dselect | ftp
Next by thread: Re: root access and dselect | ftp
Index(es):
- Date
- Thread