[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Root SSH permitted by default (was: how does root run a graphical prog)



Vineet Kumar wrote:
> 
> * Michael D. Schleif (mds@helices.org) [020521 12:10]:
> > Here's my lack of understanding:
> >
> > [a] ssh root@remote.system requires cracking only one (1) string:
> >     [1] root's password
> >
> > [b] ssh mortal_user@remote.system requires cracking three (3) separate
> > strings:
> >     [1] mortal_user's username (without this, there is not even system
> > access);
> >     [2] mortal_user's password; and
> >     [3] root's password
> >
> > Since _god_ on a given system is almost always root or administrator, I
> > fail to see how [a] can be considered at least as secure as [b].
> >
> > What am I missing?
> 
> The point is that once you have [b1] and [b2], [b3] is as easy to get
> by dropping in a new '~/bin/su' which will read a password, pretend to
> the user that there was a typo, read it again, email you the password,
> delete itself, and then perform the real /bin/su.

I agree with this; but, the assumptions . . .

> The idea is that a user account which often su's is as good as a root
> account. One that often sudo's is even easier (if you actually have the
> password and not just a backdoor of some sort).

This is where I begin to have problems with your argument . . .

> So this boils down to [b] is better because of [b1], which I think we'll
> all agree isn't *that* difficult to get, if you know anyone who has an
> account on the machine, or even just patience and a watchful eye.
> Generally usernames aren't kept super-super secret.

This thread split off of an earlier thread; but, my context begins with
this new thread.  Therefore, we are talking about remote users and ssh
access to remote systems.

Let's begin with your assumption: ``... if you know anyone who has an
account on the machine ...''

You are correct that this is a problem -- one problem among many, many
problems.

This ``socialization'' exploit is always an issue with networked
computing environments.  Nevertheless, the typical social circle is very
small relative to the total global population.  In other words, the
number of people who cannot know ``anyone who has an account on the
machine'' is at least six (6) orders of magnitude greater than else. 
Whether or not this falls under security by obscurity is irrelevant --
how can you argue that this security measure has *NO* value?

Having followed this thread since it spun off, I do not recall anybody
saying that such a countermeasure is adequate, in and of itself. 
However, it helps me deflect bushels full of script kiddies off of my
systems . . .

What am I missing?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: