[NCLUG] Why not Root?

John L. Bass jbass at dmsd.com
Sat Mar 17 15:05:42 MDT 2007


	From: Chad Perrin <perrin at apotheon.com>
	Assume that person knows of an arbitrary remote code execution exploit
	for Xchat.

	It's just a good idea to run as something other than root most of the
	time.  Similarly, it's a good idea to ensure that your user account
	doesn't have complete administrative access via sudo, so that
	compromising the normal user account doesn't give the person unfettered
	access to your system via sudo.

Local system SUSER exploits are more common than network daemon SUSER exploits,
so it's not always necessary for an attacker to gain direct ROOT access, just
access to the remote machine, then exploit the more common local SUSER exploit
with any trojan access.

So, it frequently doesn't matter if the user is root or not, if the machine has
a determined attacker targeting it. Good practice is to always use a hardware
firewall with reasonable settings to minimize external connectivity anyway.

John


