False administrivia bounce.
----- Forwarded message from slug@lists.nks.net -----
Date: Thu, 14 Feb 2002 22:42:21 -0500
From: Ronan Heffernan <ronan.heffernan@mindspring.com>
Subject: Re: [SLUG] WAS about Linux virii
>
> I can't think of why logging in as root is a security problem,
> if you are logged in as `Joe', that doesn't prevent a Trojan
> horse from sending your password
When *you* are logged-in, the Trojan has no way of finding-out your
p*sswd (go ahead, tell me what command you type to have Linux tell you
what your passwd is (hint: there is none)). If you are running shadow
p*sswds (standard on all modern Linux distros?), a non-root user cannot
even see the encrypted hash of anyone's passwd. The best that the
Trojan could do is change your passwd to something that is known to Mr. Lu.
> to a guy named Lu (in China)
> that tenets into an open port and logs in as root
The fact the Mr. Lu has YOUR passwd does not let him log-in as root! He
could log-in as you (if you allow remote telnet logins from outside your
LAN). Logging-in as you allows him to read/change your files, but not
change system files. Also, as soon as his Trojan changes your passwd,
your next attempt (and all subsequent attempts) to log-in to your own
machine will fail; this should tip you off that something is not kosher.
> and E-mail
> your private thoughts to him. (or what ever)
>
> What has bothered me from my start is:
> I know the name of the super user on your box, everyone
> does.
> That seems to me to make security twice as hard as it needs to be.
>
> Does anyone know of a way to have a name other than `root'
> being the super user? (In LINUX.)
I have never tried it, but it should be simple. Edit /etc/passwd,
changing the name of the 'root' user to 'somethingelse'. You should
also have to change /etc/shadow. The magic thing about the root user is
that his userid is zero, not that his name is 'root'. Log-out and
Log-in; all files that used to say that they were owned by root should
now say that they are owned by 'somethingelse', because file
ownership/permissions are tracked by userid (ie zero,501) not name.
Gurus: Am I missing anything in the change-over process?
>
> (I would also want to hide his directory among all `normal' users)
I believe that the root user's home directory is '/root', so that this
directory is available even if mounting a different filesystem which
contains '/home' fails. It is not uncommon in UNIX shops to have all
machines mount '/home' as an NFS mount; you can sit at any machine on
the LAN and when you login, '/home/yourname' is your normal home
directory. If '/home' is not on a different filesystem, you should be
able to change the superuser's home directory by editing /etc/passwd.
Change the line for the superuser: change '/root' to
'/home/somethingelse' (but still, do not log-in as this user for
everyday use!!!!).
NOTE: this will not make anything more secure. If remote login is
disabled for root, then a remote user will have to compromise a NORMAL
user's passwd to get in (knowing only the root passwd will not be of any
help in this case!) Once a cracker is in as a normal user, he can 'cat
/etc/passwd', which will not let him see passwds (not even the encrypted
hash of the passwds (those are stored in /etc/shadow)), but he will
immediately see the username for the user whose userid is equal to zero.
In other words, the cracker will immediately know that 'john' is the
root user! This will be difficult/impossible to prevent; all users MUST
have permission to read /etc/passwd, there is no way around this. That
is why Shadow passwds were invented. Before the days of Shadow passwds,
every user could 'cat /etc/passwd' and see the encrypted hashes. Then,
the cracker could break the encryption by brute force, *back on his own
machine*! Then he could use the broken passwds to compromise your
machine. With Shadow passwds, the encrypted hash is stored in
/etc/shadow, which does NOT have to be world-readable.
If you want some stronger security, there are creative things that you
can do, like running all remote access inside a 'chroot' file cage (try
'man chroot'). Even if the cracker gets your root passwd, they can only
corrupt the bogus copy of your system files that exist inside the cage.
--ronan
----- End forwarded message -----
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:07:03 EDT