Tobias DiPasquale on Fri, 22 Feb 2002 23:00:13 +0100
On Fri, 2002-02-22 at 15:25, marc wrote:
> I am not really adding to the discussion either, but I thought I would add
> that if you don't run things as root, there is little you have to worry
> about, viruses, or worms, for those listening daemons you HAVE to run as
> root, make sure you keep up to date on the security advisories.

I'd like to inject some information at this point. Running daemons as non-root users will alleviate some system-wide problems, yes, but this will not protect a user's personal data. For instance, suppose that I run my Apache web server on port 8088 as my own user ID. Well, any vulnerability that should exist in Apache, I, and all my files, are now subject to.

Another issue is incorrect file permissions. While running named or in.ftpd as user nobody will protect a server's integrity somewhat, running xfs as nobody will not protect the desktop Linux user from a hole in xfs that will allow a worm to destroy files that the user has permissioned incorrectly. How many of you have personal files in your home directories that are chmod 664 right now? Linux is more secure by default than Windows, but it's not perfect. It's not even good.

To alleviate these problems, one could run daemons in a chroot environment (this is rarely not possible, but sometimes inconvenient), or run cron jobs every so often to make sure that important files and directories are permissioned correctly (OpenBSD does this). A worm could affect most any *n*x-based system if the users of that system are not careful about security and permissions.

> > And yes, I realize that I'm not really adding to the discussion.
> >
> > ______________________________________________________________________
> > Philadelphia Linux Users Group - http://www.phillylinux.org
> > Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> > General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

--
<< T o b i a s D i P a s q u a l e >>
anany@ece.villanova.edu | tdipas01@villanova.edu | toby@khenry.com

Of course, in order to partially emulate an ASR-33, you could perhaps connect an IBM selectric up to your computer while running a looped recording of gunfight and an idling 58 chevy with one blown piston. For the final touch, you could replace the room's light switch with a dimmer switch and wiggle it back and forth whenever you are printing something out.
-- Anonymous Coward, SlashDot, commenting about Caldera's release of some original UNIX sources
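The periodic permission check suggested in the message above, as an added example that is not part of the original post: it lists files and directories that group or others can write to (mode 664, 666, 775 and similar) and then strips those write bits. The function names and the sample tree are constructed for illustration; the sample tree stands in for a home directory.

```shell
#!/bin/sh
# Added example (not from the original post): periodic permission audit.

# Print files and directories under $1 that group or others can write to.
# Symlinks are skipped; -xdev keeps the walk on one filesystem.
find_loose() {
    find "$1" -xdev \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Count them (assumes no newlines in file names).
count_loose() {
    find_loose "$1" | wc -l | tr -d ' '
}

# Remove the group/other write bits from everything find_loose would report.
tighten() {
    find "$1" -xdev \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Constructed sample tree standing in for a home directory.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared"
    : > "$d/notes.txt";  chmod 664 "$d/notes.txt"
    : > "$d/mail.mbox";  chmod 600 "$d/mail.mbox"
    : > "$d/index.html"; chmod 644 "$d/index.html"
    : > "$d/todo";       chmod 666 "$d/todo"
    chmod 775 "$d/shared"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "writable by group/other before: $(count_loose "$sample")"
find_loose "$sample"
tighten "$sample"
echo "writable by group/other after:  $(count_loose "$sample")"
rm -rf "$sample"
```

For unattended use, point find_loose at the directory to audit from a cron job and review its output before enabling tighten.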