[NCLUG] Why not Root?
John L. Bass
jbass at dmsd.com
Sat Mar 17 15:05:42 MDT 2007
From: Chad Perrin <perrin at apotheon.com>
Assume that person knows of an arbitrary remote code execution exploit
for Xchat.
It's just a good idea to run as something other than root most of the
time. Similarly, it's a good idea to ensure that your user account
doesn't have complete administrative access via sudo, so that
compromising the normal user account doesn't give the person unfettered
access to your system via sudo.
Local system SUSER exploits are more common than network daemon SUSER exploits,
so it's not always necessary for an attacker to gain direct ROOT access, just
access to the remote machine, then exploit the more common local SUSER exploit
with any trojan access.
So, it frequently doesn't matter if the user is root or not, if the machine has
a determined attacker targeting it. Good practice is to always use a hardware
firewall with reasonable settings to minimize external connectivity anyway.
John