Re: root access and dselect | ftp
Martin Bialasinski <[EMAIL PROTECTED]> writes: > Yes, but there is no known way to force the ftpclient to do such > things. The client doesn't accept any commands and any data it gets is, > well, data, so it is not executed, just written to disk. Well, there are a few exceptions, but they won't affect dselect+ftp. When you do "mget *" from your ftp client, it asks the server for all the files in the directory. A malicious server could send back the file "../etc/passwd", which some clients will happily download and save. You could also have files like ".profile" or ".exrc" in the directory, which get returned and saved with no problems. These files will then contain the commands. Just be careful, and do as little as possible as root. -- Carey Evans http://home.clear.net.nz/pages/c.evans/ GNU GPL: "The Source will be with you... always." -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root access and dselect | ftp
On Wed, 25 Feb 1998, David Stern wrote: > Running an ftp client as root seems to be an exception to the rule > about not running as root. actually that "rule" isn't a general prohibition against doing anything as root. it is advice about only running as root for system maintainence tasks. upgrading the system using dselect certainly qualifies as "system maintainence". the idea is that by running as a non-priviledged user you can minimise the risk of problems, and also mimimise the severity of any problems which occur. "problems" includes buggy software, user mistakes, and malicious code (e.g. "trojan horse" programs or viruses) e.g. if you accidentally type "rm -rf /" as root you blow away the whole system. if you do it as a normal user the worst you can do is erase your own home directoryand in most cases, will suffer no damage at all because you will probably have noticed your mistake and hit Ctrl-C before rm gets to your home dir. another problem which you avoid by not running as root except when necessary is the risk of trojans or virusesmalicious programs like these can't affect your system if they don't have the permissions required to modify files. craig -- craig sanders -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root access and dselect | ftp
On 25 Feb 1998 22:47:23 +0100, Martin Bialasinski wrote: > [EMAIL PROTECTED] (David Stern) writes: > > [..] > > This is why I was asking about dselect | ftp, because if I'm root, and > > I'm running ftp via dselect, then isn't this exactly what you're > > telling me not to do? > > Yes, but there is no known way to force the ftpclient to do such > things. The client doesn't accept any commands and any data it gets is, > well, data, so it is not executed, just written to disk. Initially I thought that ftpd accepted commands, but now that I think about it a little more, I suppose it accepts data. (at least for ftp clients, running ftpd in server mode on the net might be a different animal) Running an ftp client as root seems to be an exception to the rule about not running as root. Thanks for the clarification. :-) p.s.: I won't make personal replies until my headers are up to snuff, which I'm working on. -- David Stern -- http://weber.u.washington.edu/~kotsya [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root access and dselect | ftp
[EMAIL PROTECTED] (David Stern) writes: > > The other way for someone to access your computer is by the programs > > you run to access Internet services. For example, if you select a > > link to a Postscript file and look at it using a viewer that allows > > file operations, it could try to append the line below to your > > /etc/passwd: > > > > carrot::0:0:/:/bin/sh > > > > This is a simple example of why you shouldn't browse the web (or run > > unknown programs) as root. (Another reason is that if something goes > > wrong, "rm -rf /" does less damage as a user.) > > This is why I was asking about dselect | ftp, because if I'm root, and > I'm running ftp via dselect, then isn't this exactly what you're > telling me not to do? Yes, but there is no known way to force the ftpclient to do such things. The client doesn't accept any commands and any data it gets is, well, data, so it is not executed, just written to disk. Ciao, Martin -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root access and dselect | ftp
On 22 Feb 1998 20:04:41 +1300, Carey Evans wrote: > [EMAIL PROTECTED] (David Stern) writes: > > > What I'm trying to do is make my ppp connection as secure as possible, > > and one of the first things I realized is that whenever I'm running > > dselect, I'm root, and that I might be connected to the internet for > > long enough such that my ip address could be attacked, and I know there > > are different types of attacks, and my assumption was that if I'm > > running as root, then it would conceivably be possible to get root > > access. > > You're not "connected to the net running as root." Why not? I'm root. I'm running ftp on the net. > Your computer is connected to the net, making all the services in > /etc/inetd.conf and provided by other daemons that are started in > /etc/init.d available to the rest of the Internet. Make sure you > comment out services in /etc/inetd.conf that you don't need, set up > /etc/hosts.allow and /etc/hosts.deny appropriately, maybe set up IP > firewalling, and restrict access to all other services (e.g. for > Samba, with "bind interfaces only = true"). Too many of these > services (IMHO) run as root. The home LAN is still a little ways off, but I thought most system services needed to be run as root. I have pretty restrictive /etc/hosts.* and ipfwadm setup as well as firewalling compiled into the kernel. Services are attacted through the ports directly, I think, so I've tried to make that safe. > The other way for someone to access your computer is by the programs > you run to access Internet services. For example, if you select a > link to a Postscript file and look at it using a viewer that allows > file operations, it could try to append the line below to your > /etc/passwd: > > carrot::0:0:/:/bin/sh > > This is a simple example of why you shouldn't browse the web (or run > unknown programs) as root. (Another reason is that if something goes > wrong, "rm -rf /" does less damage as a user.) This is why I was asking about dselect | ftp, because if I'm root, and I'm running ftp via dselect, then isn't this exactly what you're telling me not to do? -- David Stern -- http://weber.u.washington.edu/~kotsya [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root access and dselect | ftp
[EMAIL PROTECTED] (David Stern) writes: > What I'm trying to do is make my ppp connection as secure as possible, > and one of the first things I realized is that whenever I'm running > dselect, I'm root, and that I might be connected to the internet for > long enough such that my ip address could be attacked, and I know there > are different types of attacks, and my assumption was that if I'm > running as root, then it would conceivably be possible to get root > access. You're not "connected to the net running as root." Your computer is connected to the net, making all the services in /etc/inetd.conf and provided by other daemons that are started in /etc/init.d available to the rest of the Internet. Make sure you comment out services in /etc/inetd.conf that you don't need, set up /etc/hosts.allow and /etc/hosts.deny appropriately, maybe set up IP firewalling, and restrict access to all other services (e.g. for Samba, with "bind interfaces only = true"). Too many of these services (IMHO) run as root. The other way for someone to access your computer is by the programs you run to access Internet services. For example, if you select a link to a Postscript file and look at it using a viewer that allows file operations, it could try to append the line below to your /etc/passwd: carrot::0:0:/:/bin/sh This is a simple example of why you shouldn't browse the web (or run unknown programs) as root. (Another reason is that if something goes wrong, "rm -rf /" does less damage as a user.) -- Carey Evans http://home.clear.net.nz/pages/c.evans/ GNU GPL: "The Source will be with you... always." -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root access and dselect | ftp
On Sun, 22 Feb 1998 02:28:06 +0100, Remco Blaakmeer wrote: > On Fri, 20 Feb 1998, David Stern wrote: > > It occurred to me that running dselect | ftp as root could potentially > > compromise root access. > > > > I don't want users to be able to run dselect, and I don't want to loose > > the power of dselect by downloading all packages and package lists > > individually, but I want to decrease the potential of root access being > > compromised while running dselect | ftp. > > > > What's an intelligent solution? > > Could you please explain why and how it could "compromise root access"? What I'm trying to do is make my ppp connection as secure as possible, and one of the first things I realized is that whenever I'm running dselect, I'm root, and that I might be connected to the internet for long enough such that my ip address could be attacked, and I know there are different types of attacks, and my assumption was that if I'm running as root, then it would conceivably be possible to get root access. (you get the idea, I hope) Let's assume I'm wrong, and that it is not possible for root access to be compromised while I am connected to the net running as root. If so, then why shouldn't everyone always run as root while connected to the net -- does ftp have added security features? (if so, please briefly explain) -- D a v i d S t e r n -- http://weber.u.washington.edu/~kotsya [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root access and dselect | ftp
On Fri, 20 Feb 1998, David Stern wrote: > Hi, > > It occurred to me that running dselect | ftp as root could potentially > compromise root access. > > I don't want users to be able to run dselect, and I don't want to loose > the power of dselect by downloading all packages and package lists > individually, but I want to decrease the potential of root access being > compromised while running dselect | ftp. > > What's an intelligent solution? Could you please explain why and how it could "compromise root access"? Remco -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: root access and dselect | ftp
Hi, Does anyone know of a VMS/VAX emulator J. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
root access and dselect | ftp
Hi, It occurred to me that running dselect | ftp as root could potentially compromise root access. I don't want users to be able to run dselect, and I don't want to loose the power of dselect by downloading all packages and package lists individually, but I want to decrease the potential of root access being compromised while running dselect | ftp. What's an intelligent solution? -- D a v i d S t e r n -- http://weber.u.washington.edu/~kotsya [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
