LinuxQuestions.org
Old 09-05-2004, 05:03 AM   #1
Smokey
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 311

Rep: Reputation: 30
being logged in as root


I think there is a big difference between being logged in as root in the terminal and being logged in as root in a window manager like gnome, right?

So is it really that dangerous to be logged in as root in the terminal? I don't see any way a malicious hacker can take over the terminal?
 
Old 09-05-2004, 01:24 PM   #2
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Rep: Reputation: 15
Mmm... cool question!
Let's think about it: why is it dangerous to be logged in as root?
By itself, there's nothing dangerous in it, except when you DO log in, some daemons are launched and they gain the logger's privileges.
When you do it in graphical mode, many programs start. When you do it in terminal mode, it must be only sh (correct me if I'm wrong) which is not a server, by itself.
So, my guess is, there's nothing dangerous in logging in as root in terminal mode. The only problem is you MUST be careful about the command you issue.
 
Old 09-06-2004, 02:42 AM   #3
fastvfr
LQ Newbie
 
Registered: Sep 2004
Location: SW Oregon
Distribution: Debian (HDD Knoppix 2.4.26 & 2.6.7 kernels)
Posts: 10

Rep: Reputation: 0

Well, it depends. This is why Lindows' security was a flop; as soon as the PC booted, you were essentially working from inside the root directory...and so was anyone else who had access to your machine once you hit the Net.

When you update the OS with Debian, Slack, or any other distros that use apt-get or wget, you are accessing the Web with full r-w-x root privileges in place.

So you had better have some protection in place while doing that!!

I'm running Debian right now from the Knoppix 2.4 kernel, and I have kernel 2.6.2 on the next partition over so I can play with it as well.

I am also connected to a LAN behind an ADSL 1.6Mb/s modem with NAPT enabled and set to High filtering, as well as a LinkSys router with NAT configured. I never did care for, nor do I trust, software firewall solutions. For me they cause more trouble than they prevent.

GRC's scans show this connection to be in total Stealth mode, save for the unused ports I have manually closed, which show up red.

I have tried to attack this node myself, even knowing the root password and the current IP, and I have not succeeded in compromising it. Even with the knowledge of the system, heavy-handed use of brute force attacks, and several other exploits - all have proven fruitless to date.

And since the PC attached to the modem is the only one that can possibly be visible to the Web anyway, the only suspicious thing I can see from outside the firewalls when this thing is doing apt-get is the stream of *Nix files coming in. Plus, there's no way to tell what the XP box is really running, so it could be a linux box as well!

Some extra-security-conscious folks even set up software solutions to augment hardware filters like the ones I use. They might be safer, but they also might have more issues for no gain.

All I know is, this works well and I see no reason to change it.

Best regards,

FastVFR
 
Old 09-06-2004, 09:14 AM   #4
spacedoubtman
LQ Newbie
 
Registered: Feb 2004
Location: Brisbane, QLD, Australia
Distribution: Debian
Posts: 29

Rep: Reputation: 15
Usually people run X Windows as a non-privileged user to be more secure. The idea is that if some client (browser, icq, etc.) has a bug which allows someone to gain access to your system, they will not have root access.

In theory if you regularly log in as root in for instance an xterm (like I do) and someone has gained control of the user account that runs the xterm then that hacker could maybe set an alias for su in your .bash_profile that logs the root password so they can retrieve it later. So really becoming root in x is in a way a security risk.

I see no way a hacker with control of a normal user account could send keys to a root shell that was logged in the terminal unless they cracked your root password or gained root access via some bug in a suid process.

Since I don't run a business from my home PC I'm not going to bother logging out of my three root konsole sessions, closing down kpackage or setting a screen saver password (just in case someone smashes a window of my house and gets onto my computer).
 
Old 09-06-2004, 09:38 AM   #5
bruj3w
Member
 
Registered: Mar 2004
Location: england
Distribution: slackware
Posts: 164

Rep: Reputation: 30
As a rule of thumb I never leave my box logged in as any user, root or otherwise.
 
Old 09-06-2004, 01:13 PM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You should never login as root because of the high possibility of being tricked into running a malicious program, or accidentally modifying something in an unrecoverable way.

There are many tricks that involve things in /tmp being executed by root, for instance. The most popular of those attacks are race conditions where an attacker knows that a certain program always creates a certain file in /tmp and then it gets executed by a user. If the attacker can create the file in /tmp first and put his own commands in it, when a user executes their program the attacker will gain their privileges. For a normal user this would be very bad, but root could still clean up the damage. If it was root itself that was fooled, then you're toast.

Historically there have been other problems as well, like being able to echo commands to a console that root is logged in on, spoofing PTTYs, and a whole host of other underhanded methods for getting a root user to execute commands of the attacker's choosing.

You should always use sudo to perform tasks that require root privileges. If you absolutely must login as root, then always type the full path of every command (don't rely on $PATH environment variable) and logout as soon as you're done working. You should always use rm with the -i flag so that it prompts you before removing files. The best way to do this is to add an alias in your rc file.
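
The precautions in the post above (not relying on $PATH, not trusting files that sit in /tmp), written out as an added shell example that is not part of the original thread. The function names `audit_path`, `safe_to_run` and `private_tmpdir` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# audit_path PATHSTRING: print each risky entry; return 1 if any was found.
audit_path() {
    risky=0
    # A leading, trailing or doubled ':' is an empty entry: the current directory.
    case ":$1:" in
        *::*) echo "empty entry: searches the current directory"; risky=1 ;;
    esac
    old_ifs=$IFS; IFS=:; set -f
    for dir in $1; do
        case "$dir" in
            '') continue ;;
            /*) ;;
            *)  echo "$dir: relative entry"; risky=1; continue ;;
        esac
        # find prints the directory only when it is world-writable.
        if [ -n "$(find "$dir" -prune -perm -0002 -print 2>/dev/null)" ]; then
            echo "$dir: world-writable"; risky=1
        fi
    done
    IFS=$old_ifs; set +f
    return "$risky"
}

# safe_to_run FILE: succeed only for a regular file that is not a symlink,
# is owned by the current user, and is not writable by group or others.
# This narrows the /tmp race but does not close it; prefer private_tmpdir.
safe_to_run() {
    if [ -L "$1" ] || [ ! -f "$1" ] || [ ! -O "$1" ]; then
        return 1
    fi
    [ -z "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]
}

# private_tmpdir: create a mode-0700 directory with an unpredictable name,
# so nobody else can pre-create files inside it.
private_tmpdir() {
    mktemp -d "${TMPDIR:-/tmp}/rootwork.XXXXXX"
}

# Demo: audit the PATH of the current shell.
audit_path "$PATH" || echo "fix the entries above before working as root" >&2
```
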
 
Old 09-06-2004, 03:34 PM   #7
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Rep: Reputation: 15

As always, Chort, your answers are clear and complete.
 
  


All times are GMT -5. The time now is 02:34 AM.
