LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 02-21-2005, 05:26 AM   #1
Gay R0b0t
Member
 
Registered: May 2004
Location: Sydney, Australia
Distribution: SUSE 9.3
Posts: 127

Rep: Reputation: 15
Question Easy access to root - vulnerability?


I am not sure if this is a security vulnerability or not, just thought I would mention it.

Here (below) I have opened a shell (konsole), typed 'su' and gained access to root, then 'su chris' to regain access to my normal account. Someone could then sit down and type 'exit' and regain root access without a password.

Code:
chris@3[~]$ su
Password:                    #gain of root access, with password
root@3[chris]# su chris      #changed back to user chris
chris@3[~]$ exit             #re-gain of root access, without password
exit
root@3[chris]                #can do whatever they want as root
Is this an issue or just a situation that should be avoided (i.e. use 'exit' to stop being root if you want to keep shell open).

Thanks
 
Old 02-21-2005, 05:31 AM   #2
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Rep: Reputation: 46
This is an object lesson in not leaving root logged in.

Which is what you are actually doing. You haven't 'changed back' to the user chris. You have started a new login as 'chris' using rootly powers.

So basically, don't do this, as it's just going to cause confusion anyway.

I'm not really sure what your point is, to be honest.

But be careful with that root.
 
Old 02-21-2005, 07:36 AM   #3
merize147
Member
 
Registered: Oct 2004
Location: Where ever I put down Lappie
Distribution: Dragged kicking and screaming to RHEL
Posts: 132

Rep: Reputation: 15
try using "sudo" when you can.
 
Old 02-21-2005, 07:39 AM   #4
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199Reputation: 199
Quote:
Originally posted by merize147
try using "sudo" when you can.
Yes, don't even login as root. Setup sudo, at least then when you leave your terminal open for all to access, your sudo login will time out and at least then they won't know your own password.

But lock your machine down when your not using it or stepping away and its out of sight, that's the smartest thing to do.
 
Old 02-21-2005, 07:48 AM   #5
db391
Member
 
Registered: Jun 2004
Location: Britain
Distribution: Slackware
Posts: 186

Rep: Reputation: 31
Two good ways to lock down a system:

1. secure X by adding these lines to /etc/X11/xorg.conf

Code:
 Section "ServerFlags"
    Option "DontVTSwitch"
    Option "DontZap"
 EndSection
and then activate the X screen saver every time you leave Linux logged in.

This way it keeps the screen on screen saver and does not allow X to be killed or changed to a TTY (non-X console).

2. If you are only using a TTY (without X running) then download and run vlock every time you leave your desk

---EDit---

3. Disable remote logins like ssh, telnet, rsh etc, because otherwise people could find a password to log in to your computer and run such commands like "killall X" or "rm -rfv /"

Last edited by db391; 02-21-2005 at 07:53 AM.
 
Old 02-21-2005, 08:19 AM   #6
perfect_circle
Senior Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Slackware, arch
Posts: 1,783

Rep: Reputation: 52
Re: Easy access to root - vulnerability?

Quote:
Originally posted by Gay R0b0t
I am not sure if this is a security vulnerability or not, just thought I would mention it.

Here (below) I have opened a shell (konsole), typed 'su' and gained access to root, then 'su chris' to regain access to my normal account. Someone could then sit down and type 'exit' and regain root access without a password.

Code:
chris@3[~]$ su
Password:                    #gain of root access, with password
root@3[chris]# su chris      #changed back to user chris
chris@3[~]$ exit             #re-gain of root access, without password
exit
root@3[chris]                #can do whatever they want as root
Is this an issue or just a situation that should be avoided (i.e. use 'exit' to stop being root if you want to keep shell open).

Thanks
This is really normal, since root has the ability to su to every user without password, and after you kill the loggin, you'll return to the user that su-ed. When you execute something from a console, this will be executed as a child process of the running console (bash program). So in your case you have something like this:

INIT->(chris)bash->su(root)bash->su(chris)bash.
After su-ing the last bash before su-ing is still alive.
Look at this:
Code:
kalkoto@darkstar:~$ ps
  PID TTY          TIME CMD
17991 pts/1    00:00:00 bash
18004 pts/1    00:00:00 ps
skalkoto@darkstar:~$
I'm running this from a console emulator:pts/1
Code:
skalkoto@darkstar:~$ ps -A|grep pts/1
17991 pts/1    00:00:00 bash
18005 pts/1    00:00:00 ps
18006 pts/1    00:00:00 bash
skalkoto@darkstar:~$
The second bash you see 18006 is because of the pipe (|) i think.
then:
Code:
skalkoto@darkstar:~$ su
Password:
root@darkstar:/home/skalkoto# ps -A|grep pts/1
17991 pts/1    00:00:00 bash
18014 pts/1    00:00:00 bash
18021 pts/1    00:00:00 ps
18022 pts/1    00:00:00 bash
root@darkstar:/home/skalkoto# ps -A|grep pts/1
17991 pts/1    00:00:00 bash
18014 pts/1    00:00:00 bash
18023 pts/1    00:00:00 ps
18024 pts/1    00:00:00 bash
root@darkstar:/home/skalkoto#
As you can see 1804 is the (root)bash after su-ing, but 17991 is still alive.
After I type exit:
Code:
root@darkstar:/home/skalkoto# exit
exit
skalkoto@darkstar:~$ ps -A|grep pts/1
17991 pts/1    00:00:00 bash
18025 pts/1    00:00:00 ps
18026 pts/1    00:00:00 bash
skalkoto@darkstar:~$
It will return to the previous state. If you su-ed a user from root, exit will get you to root again.
So this is a normal behaviour
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Laptops with Easy Access or Multimedia Keys jrattner1 Linux - Laptop and Netbook 11 11-21-2005 11:46 AM
Easy secure remote access ? waynep Linux - Newbie 2 02-18-2005 04:05 PM
Easy Way to Lock Internet Access TastyWheat Linux - Security 3 12-13-2004 06:21 AM
An easy way to view MS Access tables? Jefficus Linux - General 1 12-09-2003 11:20 AM
Easy access to the Internet drabkin Linux - Newbie 10 11-26-2002 08:03 AM


All times are GMT -5. The time now is 11:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration