List Archive: gentoo-amd64
To: gentoo-amd64@g.o
From: Duncan <1i5t5.duncan@...>
Subject: OT but something to think about (security and root paths)
Date: Sat, 21 Jun 2008 07:54:35 +0000 (UTC)


*ix vets should know this already, but I was thinking about it again 
today, wondering how many sysadmin (and every Gentoo system user with 
root access is effectively a sysadmin) newbies know it, thus this post.

No untrusted or non-root user should be able to set the path for root, or 
write to any directories found in that path.  If they can, or can 
otherwise convince a root user to run an executable that they can write 
to, they effectively already have root.

Something to think about when you are running as root.  Do you ever as 
root run scripts or other executables that a user has write access to?  
Are your system permissions and root path set up appropriately so you 
can't run them by default, perhaps when someone puts their own version of 
something like ls earlier in your path than the system version?  

Some cautious admins make it a practice to always use a full path when 
invoking a command as root.  That's a good practice, as far as it goes, 
but to be really effective, they must ensure no scripts or other commands 
they run as root invoke anything else without full path either.  That's 
a tough one, even tougher than teaching yourself to always use a full 
path, so not so many bother.

Who knows, maybe this will prevent someone reading it from getting 
rooted.  Like I said, I was just thinking about it, and decided it might 
be something worth posting.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

-- 
gentoo-amd64@g.o mailing list
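The two checks the post asks a root user to make (can a non-root user write into a directory on root's PATH, and which copy of a bare command name such as ls would actually run) can be scripted. The following POSIX sh script is an added example written for this archive page; it is not part of Duncan's post and is not a Gentoo tool. The function names audit_path and resolve_first are this example's own, and it assumes a PATH-style colon-separated string as input and an `ls -ldL` whose third and fourth fields are the owner and group names (true of GNU, BSD and busybox ls).

```shell
#!/bin/sh
# Added example, not from the original post: audit a PATH for entries that an
# untrusted user could control, and show which file a bare command resolves to.

# audit_path PATH-STRING [EXPECTED-OWNER]
# Prints one line per problem found and returns 0 only if nothing was flagged.
# Flags: empty or relative entries (the shell would search the current
# directory), missing directories, world- or group-writable directories, and
# directories not owned by EXPECTED-OWNER (default root).
audit_path() {
    path_to_check="$1"
    expected_owner="${2:-root}"
    problem_count=0
    remaining="$path_to_check:"      # trailing colon: a final empty field is seen too
    while [ -n "$remaining" ]; do
        entry="${remaining%%:*}"
        remaining="${remaining#*:}"
        case "$entry" in
            "") echo "EMPTY entry: the shell would search the current directory"
                problem_count=$((problem_count + 1)); continue ;;
            /*) ;;
            *)  echo "RELATIVE entry: $entry"
                problem_count=$((problem_count + 1)); continue ;;
        esac
        if [ ! -d "$entry" ]; then
            echo "MISSING: $entry (check who is able to create it)"
            problem_count=$((problem_count + 1)); continue
        fi
        # -L follows symlinks such as /bin -> usr/bin so the target's mode is
        # checked, not the link's lrwxrwxrwx.
        listing=$(ls -ldL "$entry")
        mode=$(printf '%s\n' "$listing" | cut -c1-10)
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        group=$(printf '%s\n' "$listing" | awk '{print $4}')
        case "$mode" in
            ????????w?) echo "WORLD-WRITABLE: $entry ($mode)"
                        problem_count=$((problem_count + 1)) ;;
        esac
        case "$mode" in
            ?????w????) echo "GROUP-WRITABLE: $entry (group $group, $mode)"
                        problem_count=$((problem_count + 1)) ;;
        esac
        if [ "$owner" != "$expected_owner" ]; then
            echo "NOT OWNED BY $expected_owner: $entry (owner $owner)"
            problem_count=$((problem_count + 1))
        fi
    done
    [ "$problem_count" -eq 0 ]
}

# resolve_first NAME PATH-STRING
# Prints the first executable NAME found walking PATH-STRING left to right,
# the same order a shell uses for a bare command name. Returns 1 if none.
resolve_first() {
    wanted="$1"
    remaining="$2:"
    while [ -n "$remaining" ]; do
        dir="${remaining%%:*}"
        remaining="${remaining#*:}"
        [ -z "$dir" ] && dir=.      # an empty field means the current directory
        if [ -f "$dir/$wanted" ] && [ -x "$dir/$wanted" ]; then
            printf '%s\n' "$dir/$wanted"
            return 0
        fi
    done
    return 1
}

# Usage when run directly: sh audit_path.sh [PATH-string] [expected-owner]
if audit_path "${1:-$PATH}" "${2:-root}"; then
    echo "no problems found"
fi
```

Run it as root against root's own environment (`sh audit_path.sh "$PATH"`), and compare `resolve_first ls "$PATH"` with where you expect ls to live; any entry the audit flags before that location is a place where someone else's ls would win.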
