Eee PC "security"



  • I just got a new Eee PC, and I'm quite liking it so far. But I found a, shall we say, "quirk" in the included Xandros configuration. This is a line included in sudoers:

    user    ALL=(ALL) NOPASSWD:ALL

    Oh, but that's not TRWTF. No no, you see, TRWTF is that if you take out NOPASSWD, the system no longer boots properly. Give that a minute to sink in.
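
Added example (not part of the original thread): a shell check for the kind of rule quoted above, flagging sudoers entries that grant NOPASSWD on ALL commands and Defaults lines that switch authentication off. The sample sudoers text and the names `audit_sudoers` and `sample_sudoers` are constructed for illustration, and the parser is a simplification that does not expand aliases or follow include directives.

```shell
#!/bin/sh
# Added example: flag sudoers rules that make sudo passwordless for everything.
# Simplified parser: "#..." is treated as a comment, aliases are not expanded
# and include directives are not followed (pass those files as arguments).

audit_sudoers() {
    awk '
    # Join backslash-continued lines into one logical line.
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { line = buf $0; buf = "" }
    {
        sub(/[ \t]*#.*/, "", line)          # strip comments
        sub(/^[ \t]+/, "", line)
        if (line == "") next
        # "Defaults !authenticate" removes the password prompt, globally or
        # for one user/host when scoped (Defaults:user, Defaults@host).
        if (line ~ /^Defaults/) {
            if (line ~ /![ \t]*authenticate/)
                print "authentication disabled by: " line
            next
        }
        if (line ~ /^(User|Runas|Host|Cmnd)_Alias/ || line ~ /^@include/) next
        eq = index(line, "=")
        if (eq == 0) next
        split(line, f, /[ \t]+/); who = f[1]
        spec = substr(line, eq + 1)
        gsub(/\([^)]*\)/, "", spec)         # drop the Runas part, e.g. (ALL)
        n = split(spec, cmds, ",")
        nopass = 0                          # a tag carries over to later commands
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            while (match(c, /[A-Z_]+[ \t]*:/)) {
                tag = substr(c, RSTART, RLENGTH)
                sub(/[ \t]*:$/, "", tag)
                if (tag == "NOPASSWD") nopass = 1
                if (tag == "PASSWD") nopass = 0
                c = substr(c, 1, RSTART - 1) substr(c, RSTART + RLENGTH)
            }
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "ALL" && nopass) {
                print who ": NOPASSWD on ALL commands"
                break
            }
        }
    }' "$@"
}

# Constructed sample input, not taken from a real system.
sample_sudoers() {
    cat <<'EOF'
# constructed sample sudoers
Defaults        env_reset
root    ALL=(ALL) ALL
user    ALL=(ALL) NOPASSWD:ALL
%wheel  ALL=(ALL : ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \
        /bin/tar
ops     ALL=(ALL) NOPASSWD: /sbin/reboot, PASSWD: ALL
Defaults:kiosk !authenticate
EOF
}

sample_sudoers | audit_sudoers
```

On a real system, run it as root over `/etc/sudoers` and the files in `/etc/sudoers.d/`, since those are not world-readable.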



  • find /etc/ -exec grep sudo {} \;

    That should find the offending file. Yes there is a better way to do this, but I don't feel like reading the grep manual at the moment.



  • @Lingerance said:

    find /etc/ -exec grep sudo {} \;

    That should find the offending file. Yes there is a better way to do this, but I don't feel like reading the grep manual at the moment.
     

    grep -R sudo /etc/



  • Meh, it's a device designed for a single user and not running any server-type applications. That's exactly how I used to set up sudo before distributions came with it preset. A bit odd that it does some sudo-ing during boot, but not really a WTF.

    Having said that, I immediately reformatted my eee and installed Xubuntu (not eeeXubuntu - it didn't exist at the time, but I recommend it). I wanted a more familiar (I use [X]Ubuntu on all my recently-set-up Linux boxes (3)) system with more easily available software and much prefer GTK+ based desktops to the KDE/Custom desktop that Asus put on the eee.



  • Guess he wants an eeePC server?



    Don't see a huge issue here. But then again, I login on my desktop machine as root, even on KDE. I'm the only user, if I mess up I can fix it, and I don't get the "I cannot let you do that Dave" messages.



  • @CodeSimian said:

    grep -R sudo /etc/

    fgrep -R sudo /etc/

    no need for regexen in this case.

    @mallard said:

    Meh, it's a device designed for a single user and not running any server-type applications.


    so it shouldn't be connected to the 'net? ever?



  • @Daid said:

    I login on my desktop machine as root, even on KDE. I'm the only user, if I mess up I can fix it, and I don't get the "I cannot let you do that Dave" messages.
     

     

    Did you start out life as a Windows user?



  • @lanzz said:

    so it shouldn't be connected to the 'net? ever?
     

    The same goes for Daids box also, surely.

    Is it really so hard to type 'sudo' every so often?  (and it reminds you that you're doing something with possibly severe consequences)



  • @CodeSimian said:

    @Lingerance said:

    find /etc/ -exec grep sudo {} \;

    That should find the offending file. Yes there is a better way to do this, but I don't feel like reading the grep manual at the moment.
     

    grep -R sudo /etc/

    I don't think it's quite that simple. I also couldn't get the little shutdown/restart popup to work properly after the sudo timestamp expired. Nice to see they're using the Windows 95 security model. Maybe I'll have to turn on logging for sudo and see what it's doing - I'm pretty sure there's a way to log that.

    I might check out eeeXubuntu, though. It would be worth it as long as there aren't any huge driver/power management/boot time problems (and I suspect there aren't).
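
Added example (not from the thread): sudo writes its own log file when sudoers contains a line such as `Defaults logfile=/var/log/sudo.log` (the path is an assumption), and the function below tallies who ran what from such a log, joining the wrapped continuation lines sudo produces. The log lines and the names `summarize_sudo_log` and `sample_sudo_log` are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a sudo log file to see which commands are being run.
# Assumes sudoers has something like:  Defaults logfile=/var/log/sudo.log
# TTY=unknown marks commands run without a terminal (boot scripts, desktop
# helpers); those are the callers that break once NOPASSWD is removed.

summarize_sudo_log() {
    awk '
    function emit_rec(   user, tty, runas, cmd) {
        # Successful command records read "user : TTY=..." directly; denials
        # and password failures carry a message in between and are skipped.
        if (rec == "" || !match(rec, /[^ \t:]+ : TTY=/)) return
        user = substr(rec, RSTART, RLENGTH - 7)
        if (!match(rec, /TTY=[^ ;]+/)) return
        tty = substr(rec, RSTART + 4, RLENGTH - 4)
        if (!match(rec, / USER=[^ ;]+/)) return
        runas = substr(rec, RSTART + 6, RLENGTH - 6)
        if (!match(rec, /COMMAND=/)) return
        cmd = substr(rec, RSTART + 8)
        count[tty " " user "->" runas " " cmd]++
    }
    # sudo wraps long entries; continuation lines start with whitespace.
    /^[ \t]/ { sub(/^[ \t]+/, " "); rec = rec $0; next }
    { emit_rec(); rec = $0 }
    END { emit_rec(); for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample log lines, not taken from a real machine.
sample_sudo_log() {
    cat <<'EOF'
Apr 17 22:40:01 : user : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/ifconfig eth0 up
Apr 17 22:40:02 : user : TTY=unknown ; PWD=/ ; USER=root ;
    COMMAND=/bin/mount /dev/sdb1 /mnt
Apr 17 22:55:10 : user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/sbin/shutdown -h now
Apr 17 22:58:44 : user : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/bin/su
Apr 18 08:01:30 : user : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/ifconfig eth0 up
EOF
}

# Output columns: count, tty, user->runas, command
sample_sudo_log | summarize_sudo_log
```

The commands listed with `TTY=unknown` are the candidates for a narrow NOPASSWD list that replaces the blanket `NOPASSWD:ALL` rule.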



  • @Emyr said:

    @Daid said:

    I login on my desktop machine as root, even on KDE. I'm the only user, if I mess up I can fix it, and I don't get the "I cannot let you do that Dave" messages.
     

     

    Did you start out life as a Windows user?

    A dos user to be exact. I think I must be the strangest computer user around. Starting out with QBasic, having a pretty good knowledge of VB (And still use it very often, and like it...), can pull all tricks in C, dances with OOP, AND loves to use linux.



    It's my computer, I am in control. That's part of the FOSS spirit, right?



    About the "not connected to the net", why would "me = root" be bad if it's connected to the net? It's behind a linux router (which does use users, for the record. Messing up my desktop PC, fine, but on the router depend more people than just me) and SSH (or any other net enabled service) is disabled. Oh, yes, someone could hijack my browser, use an exploit and execute root stuff on my desktop. But the root user puts little advantage to that. Without root rights you can still hijack a machine as soon as you can execute something on it. Of course it's only hijacked on user level, but you can do some pretty fantastic stuff on user level already.



  • @Daid said:

    It's my computer, I am in control. That's part of the FOSS spirit, right?
     

    Actually I believe that is the Swamp Spirit.



  • @Daid said:

    A dos user to be exact. I think I must be the strangest computer user around. Starting out with QBasic, having a pretty good knowledge of VB (And still use it very often, and like it...), can pull all tricks in C, dances with OOP, AND loves to use linux.

     Sorry to burst your bubble, but I'm just not certain you're that
    extraordinary. Started on an Apple IIc and Apple BASIC, with some time
    on a TRS-80 -- in the mid 80s. Moved over to PCs and DOS 3.x, starting with Tandy
    BASICA, then GW-BASIC, then QBasic. Then got into JavaScript in the mid
    90s. C++ and Visual Basic in the late 90s. ASP and SQL in the late 90s.
    Java in the early 00s. VB.NET then C# in the 00s. I run two different
    Linux distros (one on desktop, one on eee) in addition to XP, 2003 and
    Vista at home. Soon, I'll have an MBP in my possession as well. You're
    just another geek buddy -- we're all over the place.



  • @andrewbadera said:

    @Daid said:

    A dos user to be exact. I think I must be the strangest computer user around. Starting out with QBasic, having a pretty good knowledge of VB (And still use it very often, and like it...), can pull all tricks in C, dances with OOP, AND loves to use linux.

     Sorry to burst your bubble, but I'm just not certain you're that
    extraordinary. Started on an Apple IIc and Apple BASIC, with some time
    on a TRS-80 -- in the mid 80s. Moved over to PCs and DOS 3.x, starting with Tandy
    BASICA, then GW-BASIC, then QBasic. Then got into JavaScript in the mid
    90s. C++ and Visual Basic in the late 90s. ASP and SQL in the late 90s.
    Java in the early 00s. VB.NET then C# in the 00s. I run two different
    Linux distros (one on desktop, one on eee) in addition to XP, 2003 and
    Vista at home. Soon, I'll have an MBP in my possession as well. You're
    just another geek buddy -- we're all over the place.

    I more meant the "Still use and like VB" part, and with VB I mean VB6. In combination with linux that raises a lot of eyebrows over here. Oh, and in the mid 80s I was just starting to breathe, so coding came a bit later for me ;) (and MBP is a macbook pro?)



    And, I finally think I understand that "MasterAsshatPlan got owned!" tag.



  • @MasterPlanSoftware said:

    @Daid said:

    It's my computer, I am in control. That's part of the FOSS spirit, right?

    Actually I believe that is the Swamp Spirit.

    Well he hasn't mentioned "Data Data Data" yet, so he's only in the vicinity of The Shack.



  • @Emyr said:

    @Daid said:

    I login on my desktop machine as root, even on KDE. I'm the only user, if I mess up I can fix it, and I don't get the "I cannot let you do that Dave" messages.
     

     

    Did you start out life as a Windows user?

    Yay, more ignorance of the Unix security model!  Look, if you are working on a single-user machine there is no protection afforded by not running as root.  I don't do it myself, but that's because a lot of programs will whine if they are run as root, so I just prefer to avoid it.  There's not a lot of sense to having different user accounts for a single-user machine.  The same applies for dedicated web, db or mail servers. 



  • @morbiuswilters said:

    Look, if you are working on a single-user machine there is no protection afforded by not running as root.

    I know that there have been a few times where being a non-privileged user has saved my ass. Usually when I've mashed the keyboard when I'm doing something like an rm.

    There's not a lot of sense to having different user accounts for a single-user machine.  The same applies for dedicated web, db or mail servers.

    Wait...what? I'm sure you're not suggesting that it's fine to run a server process under the root account, are you? Even if you're only talking about interactive user accounts, I can think of at least two reasons why it could be a good idea to have non-privileged users configured.



  • @Vanders said:

    @morbiuswilters said:

    Look, if you are working on a single-user machine there is no protection afforded by not running as root.

    I know that there have been a few times where being a non-privileged user has saved my ass. Usually when I've mashed the keyboard when I'm doing something like an rm.

    "rm -rf /" would still remove all your local user files. Sure, the machine still runs, but you are still fuxed.

    There's not a lot of sense to having different user accounts for a single-user machine.  The same applies for dedicated web, db or mail servers.

    Wait...what? I'm sure you're not suggesting that it's fine to run a server process under the root account, are you? Even if you're only talking about interactive user accounts, I can think of at least two reasons why it could be a good idea to have non-privileged users configured.

    Services being pwned and quotas? (Only two I can come up with)

    Oh, and for a WTF waiting to happen. I'm designated to admin the developers linux server over here, +-15 users. (as the IT department cannot seem to grasp linux)

    Data Data Data.


  • @Vanders said:

    I know that there have been a few times where being a non-privileged user has saved my ass. Usually when I've mashed the keyboard when I'm doing something like an rm.

    The only thing that root can rm on my desktop machine that my user account cannot are system files.  Since these are available for free on the Internet they are easily replaceable.  My hard work which is not replaceable can be deleted by me.  Also, all of my sensitive information like passwords, ssh keys and credit card numbers are all readable by my account.  Also, if you're the type to "mash your keyboard" while doing an rm you are pretty much doomed to wipe out your home directory someday.  Good luck with that.

     

    @Vanders said:

    Wait...what? I'm sure you're not suggesting that it's fine to run a server process under the root account, are you? Even if you're only talking about interactive user accounts, I can think of at least two reasons why it could be a good idea to have non-privileged users configured.

    In particular circumstances, sure.  If you have a machine that is only web and db server for your own app with nothing else running on it, where would the problem be?  All critical information is accessible to the accounts that either daemon will run under.  It's the same situation as my desktop machine -- the only thing root can do is screw with system files.  Now, there certainly are other things to consider but that's because there is no "one size fits all" security solution.  The problem with the "never run as root" mentality is that it is essentially groupthink that prevents people from critically questioning their security infrastructure.  Until you can see that "never run as root" is just as senseless as "always run as root" you are probably not going to be particularly effective at security.



  • @morbiuswilters said:

    @Vanders said:
    I know that there have been a few times where being a non-privileged user has saved my ass. Usually when I've mashed the keyboard when I'm doing something like an rm.

    The only thing that root can rm on my desktop machine that my user account cannot are system files.  Since these are available for free on the Internet they are easily replaceable.  My hard work which is not replaceable can be deleted by me.  Also, all of my sensitive information like passwords, ssh keys and credit card numbers are all readable by my account.  Also, if you're the type to "mash your keyboard" while doing an rm you are pretty much doomed to wipe out your home directory someday.  Good luck with that.

    You're basically saying "Yes, I can destroy my entire system, but I can just re-install it". Well sure, I guess. It just strikes me that taking reasonable steps to not destroy your system in the first place may be a better strategy here. Still, I'm heartened to learn that you never make a typo, so I guess it's never going to be an issue for you.

    @morbiuswilters said:

    @Vanders said:
    Wait...what? I'm sure you're not suggesting that it's fine to run a server process under the root account, are you? Even if you're only talking about interactive user accounts, I can think of at least two reasons why it could be a good idea to have non-privileged users configured.

    In particular circumstances, sure.  If you have a machine that is only web and db server for your own app with nothing else running on it, where would the problem be?

    Again, are you talking about interactive users, or are you seriously advocating running network-facing server processes with root privileges? 



  • @Vanders said:

    @morbiuswilters said:

    @Vanders said:
    I know that there have been a few times where being a non-privileged user has saved my ass. Usually when I've mashed the keyboard when I'm doing something like an rm.

    The only thing that root can rm on my desktop machine that my user account cannot are system files.  Since these are available for free on the Internet they are easily replaceable.  My hard work which is not replaceable can be deleted by me.  Also, all of my sensitive information like passwords, ssh keys and credit card numbers are all readable by my account.  Also, if you're the type to "mash your keyboard" while doing an rm you are pretty much doomed to wipe out your home directory someday.  Good luck with that.

    You're basically saying "Yes, I can destroy my entire system, but I can just re-install it". Well sure, I guess. It just strikes me that taking reasonable steps to not destroy your system in the first place may be a better strategy here. Still, I'm heartened to learn that you never make a typo, so I guess it's never going to be an issue for you.

    Sometimes a bit of destruction can help you a lot. I messed up with xargs once. As a user, had I run the same job as root, the damage would actually have been less, as it would have started with removing system files (which are easily reproducible) before I aborted.

    @morbiuswilters said:
    @Vanders said:
    Wait...what? I'm sure you're not suggesting that it's fine to run a server process under the root account, are you? Even if you're only talking about interactive user accounts, I can think of at least two reasons why it could be a good idea to have non-privileged users configured.

    In particular circumstances, sure.  If you have a machine that is only web and db server for your own app with nothing else running on it, where would the problem be?

    Again, are you talking about interactive users, or are you seriously advocating running network-facing server processes with root privileges?

    "Advocating" might be a bit more than he does. But he is saying that from a security standpoint there is little difference, IF you only run a single service. Imagine, I have only apache running, apache gets owned, all (custom) contents of the machine is now open for the attacker, and he can run whatever he wants on it. No other services are accessible with or without root now, as there are no other services.

    He comes with arguments, you just scream "Don't!" which makes you a zealot and him a self thinking entity. (And which part of "webserver" equals an interactive user?...)


  • @Vanders said:

    You're basically saying "Yes, I can destroy my entire system, but I can just re-install it". Well sure, I guess. It just strikes me that taking reasonable steps to not destroy your system in the first place may be a better strategy here. Still, I'm heartened to learn that you never make a typo, so I guess it's never going to be an issue for you.

    I do, by double-checking any delicate commands I'm running whether I am doing so as root or myself.  You also miss my point -- I can destroy my useful data as either root or myself but I can only destroy my useless data as root.

     

    @Vanders said:

    Again, are you talking about interactive users, or are you seriously advocating running network-facing server processes with root privileges? 

    Interactive users should always log in under their own accounts.  In many circumstances, running network-facing server processes with root privileges is no less secure than running them under a controlled account, but it all depends on your setup.  If you are running several distinct services that have little-to-no interaction amongst them on the same machine, there should be separation of privileges.  If you're running Apache and MySQL for a web app you wrote, what benefit are two different user accounts going to provide you with?



  • QUOTING VIOLATION BY USER 'DAID' DETECTED! Stay where you are while The Architect adjusts your programming.

    Time has no meaning in The Matrix

    The Architect: Quoting Violation Adjustment

    Program corrections commencing...



  • @AbbydonKrafts said:

    QUOTING VIOLATION BY USER 'DAID' DETECTED! Stay where you are while The Architect adjusts your programming.

    It's odd that you and The Architect have the same signature..  In fact, I don't believe I've ever seen you and The Architect in the same room together.  You always have to "run to the store" every single time he is about to show up..  Do you have something you want to tell us?



  • @morbiuswilters said:

    @Vanders said:
    Again, are you talking about interactive users, or are you seriously advocating running network-facing server processes with root privileges? 

    Interactive users should always log in under their own accounts.  In many circumstances, running network-facing server processes with root privileges is no less secure than running them under a controlled account, but it all depends on your setup.  If you are running several distinct services that have little-to-no interaction amongst them on the same machine, there should be separation of privileges.  If you're running Apache and MySQL for a web app you wrote, what benefit are two different user accounts going to provide you with?

     

    Remote exploits? If there is a remote exploit in whatever service you're running, and you're running the service as root, you've now got a remote root exploit running on your machine. If it's running as an unprivileged user, it's an exploit still but the attacker is not going to automatically gain root access to your server.

    Please tell me I don't need to explain why the possibility of allowing Joe Random Cracker gaining root on your servers is a bad idea? In fact, I'm kind of hoping you're going to tell me this entire thread has been a joke.



  • @Vanders said:

    Remote exploits? If there is a remote exploit in whatever service you're running, and you're running the service as root, you've now got a remote root exploit running on your machine. If it's running as an unprivileged user, it's an exploit still but the attacker is not going to automatically gain root access to your server.

    Please tell me I don't need to explain why the possibility of allowing Joe Random Cracker gaining root on your servers is a bad idea? In fact, I'm kind of hoping you're going to tell me this entire thread has been a joke.

    If the server isn't running several distinct services, what's the difference between being root or being a restricted daemon account?  The fact that you still aren't getting this leads me to believe you do not think critically about security but instead just parrot whatever you've read elsewhere.



  • @Vanders said:

    @morbiuswilters said:

    @Vanders said:
    Again, are you talking about interactive users, or are you seriously advocating running network-facing server processes with root privileges? 

    Interactive users should always log in under their own accounts.  In many circumstances, running network-facing server processes with root privileges is no less secure than running them under a controlled account, but it all depends on your setup.  If you are running several distinct services that have little-to-no interaction amongst them on the same machine, there should be separation of privileges.  If you're running Apache and MySQL for a web app you wrote, what benefit are two different user accounts going to provide you with?

     

    Remote exploits? If there is a remote exploit in whatever service you're running, and you're running the service as root, you've now got a remote root exploit running on your machine. If it's running as an unprivileged user, it's an exploit still but the attacker is not going to automatically gain root access to your server.

    Please tell me I don't need to explain why the possibility of allowing Joe Random Cracker gaining root on your servers is a bad idea? In fact, I'm kind of hoping you're going to tell me this entire thread has been a joke.

    Allowing Joe Random Cracker gaining access on your servers is bad. As they can get your data, and run whatever they want. Then tell me, what difference will root make?



    Yes, you need to explain. Cause we don't all have godlike wisdom like you do.



  • @morbiuswilters said:

    If the server isn't running several distinct services, what's the difference between being root or being a restricted daemon account?

    Most remote exploits of this type are not done by script kiddies who just want to trash your data. They are done by people who are looking for machines to add to their botnets, spam from, serve illegal content from or otherwise do illegal or immoral things with on your dime.

    The fact that you still aren't getting this leads me to believe you do not think critically about security but instead just parrot whatever you've read elsewhere.

    The fact that you're disregarding over thirty years of learned experience of thousands of UNIX system administrators leads me to have lost a little more faith in humanity as a whole.



  • @morbiuswilters said:

    In fact, I don't believe I've ever seen you and The Architect in the same room together.  You always have to "run to the store" every single time he is about to show up..  Do you have something you want to tell us?

    He's my inner twin. Sometimes he likes to take over.

    Time has no meaning in The Matrix

    The Architect: Re: Eee PC "security"

    What he said.



  • @Vanders said:

    Most remote exploits of this type are not done by script kiddies who just want to trash your data. They are done by people who are looking for machines to add to their botnets, spam from, serve illegal content from or otherwise do illegal or immoral things with on your dime.

     

    Yes, and they can do all of those from a restricted user account.  It may take a tiny bit more work than just having root access, but it's not rocket science and if we're talking about "real h4x0rz" here it's not going to slow them down much, if at all.  The thing I would fear most of all is having my customers' important information disclosed which would be possible from either.

     

    @Vanders said:

    The fact that you're disregarding over thirty years of learned experience of thousands of UNIX system administrators leads me to have lost a little more faith in humanity as a whole.

    The Unix security model is based on large shared-servers with hundreds or thousands of interactive accounts.  It does not apply when you are talking about one or two intertwined services.



  • @Vanders said:

    @morbiuswilters said:

    If the server isn't running several distinct services, what's the difference between being root or being a restricted daemon account?

    Most remote exploits of this type are not done by script kiddies who just want to trash your data. They are done by people who are looking for machines to add to their botnets, spam from, serve illegal content from or otherwise do illegal or immoral things with on your dime.

    The fact that you still aren't getting this leads me to believe you do not think critically about security but instead just parrot whatever you've read elsewhere.

    The fact that you're disregarding over thirty years of learned experience of thousands of UNIX system administrators leads me to have lost a little more faith in humanity as a whole.

    A zombie limited to running as a daemon account will, in all likelihood, still be able to send spam and host warez and do whatever else an attacker wants the zombie to do, unless your daemon accounts have amazingly well-defined specific limits on them enforced by the OS. However, any such zombie will be much more detectable and cleanable than an equivalent zombie running as root. If you're rooted, you might go a long time without realizing it [e.g. if ps is replaced on you so you can't see the evil processes], and you're going to have to reinstall the entire system to be sure you got everything. A user-account infestation will show up more easily, the set of executables you'll need to replace is much smaller, and the tools you need to replace things will be unharmed.

     



  • @Noser said:

    However, any such zombie will be much more detectable and cleanable than an equivalent zombie running as root. If you're rooted, you might go a long time without realizing it [e.g. if ps is replaced on you so you can't see the evil processes], and you're going to have to reinstall the entire system to be sure you got everything. A user-account infestation will show up more easily, the set of executables you'll need to replace is much smaller, and the tools you need to replace things will be unharmed.

    True, but if you let a zombie get onto a machine you have complete control of anyway, you pretty much suck at security and will end up rooted anyway.  Any serious operation can re-deploy a server in a matter of minutes, too, so wiping out a root-level infestation isn't that time-consuming.



  • Finally... someone WITH a backup. "OMG not run as root!" is useless without knowing why.



    Noser states it right, with not giving root, it's easier to detect something is wrong. Now, someone might always get into it, gain root after that, and then own your box undetectable (patching libraries&kernel to make sure your files remain hidden). A user level botnet thing running is easier to detect (It can still hide itself from that user, but not from root)



    You can try to clean it up, but that could be more work than reinstall. (Especially if you are prepared for an event like this) and if that bot got in, something else that you haven't seen yet might have gotten in as well.



    Computers are science, and science is not blindly following the other sheep. Sure, it might get you a long way, but there is always a front sheep, and you assume it knows what it is doing. But it might as well be jumping down a cliff.



  • @Daid said:

    I more meant the "Still use and like VB" part, and with VB I mean VB6. In combination with linux that raises a lot of eyebrows over here. Oh, and in the mid 80s I was just starting to breathe, so coding came a bit later for me ;) (and MBP is a macbook pro?)



    And, I finally think I understand that "MasterAsshatPlan got owned!" tag.

     

     

    Gotcha. I started sucking in air and exhausting ... well, other things, in '79 myself.

     Yep, MBP == Macbook Pro

     And, VB6? Pain, bro, pain! I was stuck working in VB6 for a while end of 2006, beginning of 2007. I've been solidly, happily in C# for the past 13-14 months however. Well, a little J# thrown in. And Python side projects.



  • Dude, that's awesome! You seem to be the first to make duplicate post exploits... Alright, post the source somewhere so we don't actually have to do the work of spending time actually making the fake posts... commence operation pandamoneum.



  • Igor, start up the puppet mode!



  • Yes master?



  • @Daid said:

    "rm -rf /" would still remove all your local user files. Sure, the machine still runs, but you are still fuxed.

    At which point, I turn to my right, hit the "power" button on my backup server, and restore the contents of my home directory. Total restore time: less than an hour. And in the meantime, since ksirc and Firefox weren't clobbered, I've got something to do.



  • @morbiuswilters said:

    You also miss my point -- I can destroy my useful data as either root or myself but I can only destroy my useless data as root.

     

    Perhaps you should reconsider your setup. I have a nightly rsync backup of my important files running as a root cronjob. The rsync sets the permissions of the copied files to root access only. This way, a rm -rf / won't wipe out anything except what I changed today. This wouldn't be as easy to ensure if I was running as an admin user. There are so many benefits to running as an underprivileged user, and the inconvenience of having to type sudo every now and then is so small. I just don't understand why people take the risk.

    Also, it doesn't make sense to me why someone would need to run Apache as root. With an underprivileged daemon user you can have most of your content directories owned by another user and have the group / other only able to read it. (With the exception for directories that need content uploads, template compiling, etc.) If a hacker compromises Apache as root, not only can they erase all of your web content, but they can erase your configuration too. Which I don't know about you, but I spend way too much time customizing my server configs.

    Of course I'm not going to deny I'm paranoid. But, I've also been burned one too many times by carelessness. Just keep in mind, the experts wouldn't recommend these things just to make your life harder. ;D



  • @etherealpanda said:

    Perhaps you should reconsider your setup. I have a nightly rsync backup of my important files running as a root cronjob. The rsync sets the permissions of the copied files to root access only. This way, a rm -rf / won't wipe out anything except what I changed today. This wouldn't be as easy to ensure if I was running as an admin user. There are so many benefits to running as an underprivileged user, and the inconvenience of having to type sudo every now and then is so small. I just don't understand why people take the risk.

    I do have this, it's called a "backup" and instead of copying the files locally it rsyncs them to an off-site server.  It is still possible for me to lose changes since my last backup if I rm -r my home directory.  Also, I don't backup my music or video as I have them on the original media and I don't want to bother having that much extra disk space.

     

    @etherealpanda said:

    Also, it doesn't make sense to me why someone would need to run Apache as root. With an underprivileged daemon user you can have most of your content directories owned by another user and have the group / other only able to read it. (With the exception for directories that need content uploads, template compiling, etc.) If a hacker compromises Apache as root, not only can they erase all of your web content, but they can erase your configuration too. Which I don't know about you, but I spend way too much time customizing my server configs.

    I don't run Apache as root, my point is that it makes no difference as Apache already has access to all important info.  Sure, you can prevent code and config files from being deleted, but you should already have those in version control, anyway.  You can't stop Apache from deleting anything your web app can delete, which means everything in the database it connects to and any files created by the web app.  Also, an attacker can save copies of the data for themself and use it to cause harm to your customers.   How much worse would root access be?

     

    @etherealpanda said:

    Of course I'm not going to deny I'm paranoid. But, I've also been burned one too many times by carelessness. Just keep in mind, the experts wouldn't recommend these things just to make your life harder. ;D

    Assuming someone actually was an expert, they shouldn't be recommending pointless security voodoo like this.  I'm not saying "go run it as root" what I'm saying is "there are several cases where there is essentially no difference between the damage a user account and root can do" and that acting like "running as root" is the root of all Unix security problems is absolutely ridiculous.



  • I use Windows and even I don't run as root all the time. I have 2 accounts, 1 called "root" and 1 called "user", and I usually log in to the account called "user", which doesn't have administrative access. I can use the runas command when I need to run as root. I also disabled the welcome screen and made it require CTRL+ALT+DEL to log in, and made it not display the last user name, so you have to type it in every time. I do that even though I am the only person using this computer. I also have an account called "printer" as well, but login is disabled on that one; it is used only for printing from another laptop computer to the printer that is connected to my computer.



  • @morbiuswilters said:

    Sure, you can prevent code and config files from being deleted, but you should already have those in version control, anyway.

    Don't bother patching, just restore your backups. Great advice.

    @morbiuswilters said:

    You can't stop Apache from deleting anything your web app can delete

    Which is SIGNIFICANTLY less than what root can delete or modify.



  • @Cap'n Steve said:

    Don't bother patching, just restore your backups. Great advice.

    How did you get anything close to that out of my statement?  I said his code and config files should be in version control.  That's just solid advice.

     

    @Cap'n Steve said:

    Which is SIGNIFICANTLY less than what root can delete or modify.

    Please don't read the last post in a thread and reply to it without the necessary context to understand it.  The only thing root can delete that Apache cannot are system binaries and those are easily replaceable.  Everything important is already available to Apache.



  • @morbiuswilters said:

    @Cap'n Steve said:

    Don't bother patching, just restore your backups. Great advice.

    How did you get anything close to that out of my statement?  I said his code and config files should be in version control.  That's just solid advice.

    You were implying that getting hacked doesn't matter if you can replace the files. It is solid advice, but backup and security are two different things.

    @morbiuswilters said:

    @Cap'n Steve said:

    Which is SIGNIFICANTLY less than what root can delete or modify.

    Please don't read the last post in a thread and reply to it without the necessary context to understand it.  The only thing root can delete that Apache cannot are system binaries and those are easily replaceable.  Everything important is already available to Apache.

    That's true only if the machine has only two user accounts. I think the recommended practice is to give Apache its own account. And correct me if I'm wrong, but shouldn't Apache only need write access to the log files?



  • @Cap'n Steve said:

    You were implying that getting hacked doesn't matter if you can replace the files. It is solid advice, but backup and security are two different things.

    I was not implying that getting hacked didn't matter, I was saying that getting Apache hacked and getting root hacked are essentially the same in the amount of damage done because the only thing extra root can do is remove system files which are easily replaceable.

     

    @Cap'n Steve said:

    That's true only if the machine has only two user accounts. I think the recommended practice is to give Apache its own account.

    That would be two user accounts (root and Apache).  If Apache is compromised, the amount of damage that can be done is essentially the same whether Apache is running as root or as a dedicated user.  The Apache account can 1) read your source files, 2) read the data stored by the web app, 3) delete or modify the data stored by the web app.  I would consider those three to be the worst things that could happen if I were compromised -- having system binaries replaced?  Not a big deal.

     

    @Cap'n Steve said:

    And correct me if I'm wrong, but shouldn't Apache only need write access to the log files?

    Not sure how keeping Apache from reading its own log files is going to help anything.



  • @morbiuswilters said:

    @Cap'n Steve said:

    And correct me if I'm wrong, but shouldn't Apache only need write access to the log files?

    Not sure how keeping Apache from reading its own log files is going to help anything.

    Ok, that could've been phrased better. I meant that the only thing Apache needs to write to are its log files and pid file, right? So if you've set up Apache with its own account, a compromised system should only result in the loss of three or so files.



    And even if you immediately notice that you've been rooted and restore a clean backup (and that's a pretty big if), wouldn't it be nicer to not have to restore a backup at all?



  • @Cap'n Steve said:

    Ok, that could've been phrased better. I meant that the only thing Apache needs to write to are its log files and pid file, right? So if you've set up Apache with its own account, a compromised system should only result in the loss of three or so files.



    And even if you immediately notice that you've been rooted and restore a clean backup (and that's a pretty big if), wouldn't it be nicer to not have to restore a backup at all?

    If your web app needs the ability to upload files, those will also be writeable.  Also, anything in the database is fair game.  If your web app can read/write it, then so can anyone who compromises your webserver.  And it would be nice not to have to resort to a backup, but the point is that the only thing that's really valuable on the server is the data created by the web app and running the server under a dedicated user account will not provide any additional protection for that data. 
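
Added example (not part of any post in this thread): the disagreement above over what a dedicated Apache account can actually modify or delete can be measured instead of argued. This sketch applies the classic Unix owner/group/other check to a directory tree for a given uid; the tree, file modes and uid are constructed for illustration, and ACLs, capabilities and ancestor-directory permissions are ignored.

```python
import os
import stat
import tempfile


def _allowed(st, uid, gids, ubit, gbit, obit):
    """Classic Unix DAC: exactly one of owner/group/other bits applies."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & ubit)
    if st.st_gid in gids:
        return bool(st.st_mode & gbit)
    return bool(st.st_mode & obit)


def audit(root, uid, gids):
    """Return (modifiable, deletable) relative file paths for the account."""
    modifiable, deletable = set(), set()
    for dirpath, _dirs, files in os.walk(root):
        dst = os.lstat(dirpath)
        # Unlinking needs write+search on the parent directory, not on the file.
        dir_wx = (_allowed(dst, uid, gids, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)
                  and _allowed(dst, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH))
        sticky = bool(dst.st_mode & stat.S_ISVTX)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if stat.S_ISREG(st.st_mode) and _allowed(
                    st, uid, gids, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH):
                modifiable.add(rel)
            # Sticky directories (like /tmp) restrict deletion to the owners.
            if dir_wx and (not sticky or uid in (0, st.st_uid, dst.st_uid)):
                deletable.add(rel)
    return modifiable, deletable


def build_demo():
    """Constructed sample tree, owned by whoever runs this script."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = [("htdocs", 0o755, "index.php", 0o644),
              ("uploads", 0o777, "photo.jpg", 0o644),
              ("logs", 0o755, "access.log", 0o666)]
    for dname, dmode, fname, fmode in layout:
        d = os.path.join(root, dname)
        os.mkdir(d)
        f = os.path.join(d, fname)
        with open(f, "w") as fh:
            fh.write("sample\n")
        os.chmod(f, fmode)
        os.chmod(d, dmode)
    return root


def other_uid():
    """A hypothetical web-server uid that owns nothing in the demo tree."""
    return os.getuid() + 1


if __name__ == "__main__":
    tree = build_demo()
    for label, uid in (("web account", other_uid()), ("root", 0)):
        mod, dele = audit(tree, uid, set())
        print(f"{label}: can modify {sorted(mod)}, can delete {sorted(dele)}")
```

In the constructed tree the unprivileged account can alter only the world-writable log and delete only the file inside the world-writable upload directory, while uid 0 can do both to every file.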



  • @morbiuswilters said:

    I do have this, it's called a "backup" and instead of copying the files locally it rsyncs them to an off-site server.  It is still possible for me to lose changes since my last backup if I rm -r my home directory.  Also, I don't backup my music or video as I have them on the original media and I don't want to bother having that much extra disk space.

    I didn't know you had an off-site backup server, so I assumed you had none. I don't have the resources for a backup server at home, so my setup allows for me to still have a reasonable amount of security with my nightly backups.

    @morbiuswilters said:

    I don't run Apache as root, my point is that it makes no difference as Apache already has access to all important info.  Sure, you can prevent code and config files from being deleted, but you should already have those in version control, anyway.  You can't stop Apache from deleting anything your web app can delete, which means everything in the database it connects to and any files created by the web app.  Also, an attacker can save copies of the data for themself and use it to cause harm to your customers.   How much worse would root access be?

    Yeah you're right, I should have my configuration in version control. I don't know why that's never occurred to me. 

    @morbiuswilters said:

    Assuming someone actually was an expert, they shouldn't be recommending pointless security voodoo like this.  I'm not saying "go run it as root" what I'm saying is "there are several cases where there is essentially no difference between the damage a user account and root can do" and that acting like "running as root" is the root of all Unix security problems is absolutely ridiculous.

    Running as root isn't the end all be all of security problems. But, isn't security in general about plugging as many holes as you can? If someone got into my system and trashed my OS, it would take me at least a half of a day to get everything set back up (even with backups of my configuration). You're right that a hacker getting all of your client's data is a much bigger deal than restoring system binaries, but it would save the admin a lot of time if the only thing I need to restore is backups.

    I see where you're coming from, but I just don't think I can agree.




  • @etherealpanda said:

    Running as root isn't the end all be all of security problems. But, isn't security in general about plugging as many holes as you can? If someone got into my system and trashed my OS, it would take me at least a half of a day to get everything set back up (even with backups of my configuration). You're right that a hacker getting all of your client's data is a much bigger deal than restoring system binaries, but it would save the admin a lot of time if the only thing I need to restore is backups.

    I see where you're coming from, but I just don't think I can agree.

    Please understand that I'm not advocating running Apache as root or saying that there are no circumstances where a dedicated user account provides more security.  My point is that if you are running a web app on a dedicated machine, Unix security permissions are the least of your worries.  Time should be focused on making the app itself more secure, removing unused features from any software being used and keeping up with the latest patches.  You are far more likely to be compromised by a security hole in Apache, MySQL, PHP or your own code than you are by running as root.  Once somebody can execute arbitrary code on your machine as any user, the game is pretty much up.  Not to mention that privilege escalation attacks are generally more successful than remote exploits, meaning that once somebody is in it's probably trivial for them to gain root access anyway.  Good security comes from assessing all potential attack vectors and addressing the most exploitable.  Under most circumstances, root access isn't even that big of a deal if somebody already has control of Apache, etc..

     

    It's also true that restoring the system is additional work, but it's a drop in the bucket compared to the problems of compromised user data.  Once you get into large-scale apps you probably have servers set to network-boot a clean image anyway, so restoring the OS is as simple as a reboot.  A much bigger security problem in this domain is trusting root accounts on your servers.  If you use the same root password for all servers or you store ssh keys in the root account for all servers it's much easier for an attacker to compromise your entire system.



  • Ah, I gotcha. I misunderstood what you were trying to say.



  • @Daid said:

    I more meant the "Still use and like VB" part, and with VB I mean VB6.

    Why would anybody use and like like like VB6 6 6, apart from the influence of Swamp Gas?



  • @Eternal Density said:

    Why would anybody use and like like like VB6 6 6, apart from the influence of Swamp Gas?

    That would be VB5. I still use VB6 for some things, like making quick utilities for my own use. I make the real apps in C# now, though.

