SuSE Support Database

Title: Root and security, logging in over the net

---


Root and three important security rules

The root account must not be directly reachable over the net

The root account should not be reachable directly from other machines via telnet, rsh and rlogin. Reason: The root account could otherwise easily be broken into over the net with the help of crack. If, however, a potential attacker must first log in as a normal user before being able to break in, there are two more hurdles to clear: first, crack must be installed on the system, and second, an attack from inside can be detected quickly. (Crack is a programme for testing and cracking passwords.) Besides, with telnet the password crosses the Ethernet unencrypted at least once. With suitable network programmes, other systems on the Ethernet can filter such data out of the TCP/IP packets more or less easily.

This security measure also applies to NFS-exported partitions: always set the option root_squash explicitly in /etc/exports. You will find more about it in the exports manual page.

If you nevertheless allow root logins on terminals other than the local one, please refer to the manual page login(5) (call: man 5 login).

The root PATH should not contain `.'

The shell variable PATH of the system user root should not contain `.', neither at the front nor at the end. The dot `.' is an abbreviation for the current working directory, so with it in PATH the shell also finds the shell scripts and programmes located there. Such programmes should instead be called explicitly by typing ./ in front of the name.

Reason: When a normal user creates, for example, a script with the name ls containing

      	#!/bin/sh
      	cd /
      	rm -rf *
    	
in /tmp/ or in his/her HOME directory, root can unintentionally erase the complete system. Even when `.' is at the end of the shell variable PATH, one is still not safe from typing errors that call a local programme unintentionally (la instead of ls, for example). This danger is aptly described as a trojan horse.
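
A check for this rule, as an added example that is not part of the original SuSE article (the function name find_cwd_entries and the sample PATH values are assumptions made here). It goes beyond a literal `.': empty entries (a leading or trailing colon, or two adjacent colons) and relative entries are also resolved against the current directory.

```shell
#!/bin/sh
# Added example (not from the original page): report PATH entries that make
# the shell search the current directory. All names here are assumptions.

# find_cwd_entries PATH_VALUE
# Prints one line per risky entry as "<position> <kind> [<entry>]":
#   dot      - a literal "." or "./"
#   empty    - zero-length entry (leading ':', trailing ':' or '::'),
#              which the shell treats as the current directory
#   relative - any other entry not starting with '/', resolved against cwd
find_cwd_entries() {
    [ -n "$1" ] || return 0      # an empty PATH value is out of scope here
    rest="$1:"                   # sentinel ':' so the last entry is seen too
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}        # text before the first ':'
        rest=${rest#*:}          # drop that entry and its ':'
        pos=$((pos + 1))
        case $entry in
            '')    echo "$pos empty" ;;
            .|./)  echo "$pos dot $entry" ;;
            /*)    ;;            # absolute directory: fine for this check
            *)     echo "$pos relative $entry" ;;
        esac
    done
    return 0
}

# Constructed sample values: one clean PATH and two that violate the rule.
for sample in "/sbin:/bin:/usr/bin" ".:/sbin:/bin" "/sbin:/bin:"; do
    printf 'PATH=%s\n' "$sample"
    find_cwd_entries "$sample" | sed 's/^/  finding: /'
done

# The PATH of the invoking user; run it in a root shell to audit root's PATH.
printf 'current PATH:\n'
find_cwd_entries "$PATH" | sed 's/^/  finding: /'
```

No output after a PATH line means no entry of that PATH points at the current directory.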

Avoid working as root

Each user should avoid working as root, unless important jobs on the system itself must be carried out by him.

Reason: The danger of an error is too great, and root can do everything, really everything, even the unwanted. Under these conditions unwanted commands are consequently executed without warning.

An original quote from a client, which should serve as a warning:

... now an accident happened to me, because I've worked as root. With the 
hope of getting any sound, I have typed "ls > /dev/hdb2" instead of 
"/dev/dsp" by mistake - unfortunately, /dev/hdb2 is my root partition.

Remark: /dev/hdb2 was his root partition. But, along with malicious glee, we have the deepest sympathy too ;-)

Keywords: ROOT, POINT, PATH, SECURITY, LOGIN, RSH, TELNET, NFS

---

Feedback welcome: Send Mail to werner@suse.de (Please give the following subject: SDB-perms)

---

SDB-perms, Copyright SuSE GmbH, Nuremberg, Germany - Version:
Impressum - Last generated: 24. Feb 1999 15:17:59 by maddin with sdb_gen 1.00.0