On 22 Feb 1998 20:04:41 +1300, Carey Evans wrote:
> [EMAIL PROTECTED] (David Stern) writes:
> 
> > What I'm trying to do is make my ppp connection as secure as possible, 
> > and one of the first things I realized is that whenever I'm running 
> > dselect, I'm root, and that I might be connected to the internet for 
> > long enough such that my ip address could be attacked, and I know there 
> > are different types of attacks, and my assumption was that if I'm 
> > running as root, then it would conceivably be possible to get root 
> > access.
> 
> You're not "connected to the net running as root."

Why not?  I'm root.  I'm running ftp on the net.

> Your computer is connected to the net, making all the services in
> /etc/inetd.conf and provided by other daemons that are started in
> /etc/init.d available to the rest of the Internet.  Make sure you
> comment out services in /etc/inetd.conf that you don't need, set up
> /etc/hosts.allow and /etc/hosts.deny appropriately, maybe set up IP
> firewalling, and restrict access to all other services (e.g. for
> Samba, with "bind interfaces only = true").  Too many of these
> services (IMHO) run as root.

The home LAN is still a little ways off, but I thought most system 
services needed to be run as root.  I have pretty restrictive 
/etc/hosts.* and ipfwadm set up as well as firewalling compiled into the 
kernel.  Services are attacked through the ports directly, I think, so 
I've tried to make that safe.

> The other way for someone to access your computer is by the programs
> you run to access Internet services.  For example, if you select a
> link to a Postscript file and look at it using a viewer that allows
> file operations, it could try to append the line below to your
> /etc/passwd:
> 
> carrot::0:0:/:/bin/sh
>
> This is a simple example of why you shouldn't browse the web (or run 
> unknown programs) as root.  (Another reason is that if something goes
> wrong, "rm -rf /" does less damage as a user.)

This is why I was asking about dselect | ftp, because if I'm root, and 
I'm running ftp via dselect, then isn't this exactly what you're 
telling me not to do?

-- 
David Stern                          
------------------------------------------------------------------
                             http://weber.u.washington.edu/~kotsya
                                           [EMAIL PROTECTED]