Re: [SLUG] Sony-BM Rootkit:

From: steve szmidt (steve@szmidt.org)
Date: Wed Nov 16 2005 - 11:18:14 EST


On Wednesday 16 November 2005 09:55, James Haydon wrote:
> On Tuesday 15 November 2005 19:54, steve szmidt wrote:
> > Hopefully that did not just offer a bunch of confusion but some more
> > understanding.
> >
> > Let me know otherwise...
>
> So to have KDE autoplay for CD's configured as root is bad!

You never do anything as root that you don't need to. And most definitely
don't login as root for normal use.

But I'm not sure if that's what you are saying... You don't need root access
to play CD's. There's a automounter which mounts devices and it's running as
root. It mounts devices for you as that requires root access.

Now if you look at the rights given only the owner (root) can read and write
and all others (you) can only read. Of course that's not a problem as you
cannot write to a CD. When it comes to burning CD's, the software has to run
as root, or it won't be able to write.

When it comes to hard disks you can make the owner of files and directories
have read/write/execute rights if you want to. But the rights are given by
root. So you would configure it as root and then use it as a normal user.

If you need to add or remove programs you sometimes need to be root. Depending
on how the system is built you may not be able to add any executable files to
your normal user. This would be a common server setup.

For a desktop machine that's not practical as you may want to run scripts and
what not. One the server setup you partition the /home directory and then
only give the partition read and write access. This way any user who might
have a web site on that server can only add web pages, not executable
scripts.

On most desktop systems you can add programs like Mozilla open office etc, as
a plain user. If you do something like setup a filesharing program which has
poor security, you might find yourself sharing your login.

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety deserve neither liberty nor safety." Benjamin Franklin ----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:10:06 EDT