Date:      Wed, 2 Feb 2005 23:44:07 -0500
From:      Louis LeBlanc <FreeBSD@keyslapper.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: xhost +localhost
Message-ID:  <20050203044407.GA34375@keyslapper.net>
In-Reply-To: <ef60af0905020218193eea1fc9@mail.gmail.com>
References:  <20050202210526.GC77499@keyslapper.net> <42014E0A.5070003@mac.com> <20050202221851.GE77499@keyslapper.net> <ef60af09050202143655b26622@mail.gmail.com> <20050202224322.GF77499@keyslapper.net> <ef60af0905020215055e07b83e@mail.gmail.com> <20050202234814.GA24792@keyslapper.net> <ef60af0905020216106024d750@mail.gmail.com> <420174BC.8090609@cis.strath.ac.uk> <ef60af0905020218193eea1fc9@mail.gmail.com>

On 02/03/05 03:19 AM, Gert Cuykens sat at the `puter and typed:
> > Don't want to be rude but do you have a specific reason for running
> > xscreensaver as root?
> >
> > Chris
>
> Well the reason is very simple actually. Let's pretend we have a user
> gert. User gert has a lot of pictures and music stuff, phone numbers;
> user gert doesn't want those things to be gone. Somebody hacks user gert
> because user gert uses a screensaver. And the hacker deletes all
> files. User gert is not happy because he lost everything. Do you think
> user gert gives a chit that the system was untouched because the
> hacker did not have root permission?

You've made backups, right?  That would be the standard method of
protecting these files.  Trust me, EVERY other person on this list has
files they value above their system.  The system is ALWAYS easier to
restore than lost data.  The problem is that with root permission, a
hacker can do a LOT more damage than just *your system*, and with
root, it is pretty trivial to cover their tracks so that when the men
in black come to your door and ask to see your computer logs, it looks
like you're the one that's been trying to hack the NSA.  Then you'd
care if they had root access.

> For me it's wrong to think user accounts are not important because they
> do for the average Windows XP single user. They don't care about virus
> infection on their system, reinstalling everything; they care about
> their files.  So if a screensaver is a security risk as root it doesn't mean
> it's not a security risk for a user account. The only difference
> between root and a user should be that users can not read or mess with
> other users' files. The security should be EXACTLY the same. So if root
> can not run a screensaver then the users can also not run a
> screensaver.

There's a lot more to system security than virus protection.  There's
secure passwords, restriction of root access, backups, firewalls, and
a lot more.  The fact that Windows often has to provide authoritative
access to all users has been one of its biggest vulnerabilities to
virii.  If everyone on *nix systems had administration privileges,
you'd probably see quite a few worms working their way around these
systems.  And FTR, nobody can even frickin' PRINT to a NETWORK printer
in XP without admin privs! How *stupid* is that!?

My advice, get a backup process going and use a non root account.
Lock down root, and use secure passwords.  You can restrict access to
any user account in a number of ways.  I have some accounts with
abysmally simple passwords, but they aren't allowed to log in
non-locally in any way, shape or form.  The only one that is, is quite
limited to how and from where it can log in, and it uses a reasonably
secure password.

Is my system "secure"?  Well, to a pretty good extent, I think it is.
Secure enough to make it not worth the effort to your average to
moderately savvy cracker.  More so than I've made it in the past at
any rate.  I still watch closely for any signs of attempts, and deal
with those I think are worthy of attention, but I don't worry so much
now.

That's basic admin, isn't it guys?

I'm sure there will be a few additions to this, and possibly even a
more organized listing of best practices, but I'm too tired to find
the list right now - it's probably right there in the handbook anyway.

Lou
-- 
Louis LeBlanc                          FreeBSD-at-keyslapper-DOT-net
Fully Funded Hobbyist,                   KeySlapper Extrordinaire :)
Key fingerprint = C5E7 4762 F071 CE3B ED51  4FB8 AF85 A2FE 80C8 D9A2

Begathon, n.:
  A multi-day event on public television, used to raise money so
  you won't have to watch commercials.
