* Su & Security
From: Peter @ 2002-12-21 9:24 UTC
To: linux
Season Greetings
Is it a security risk when connected/ing to the Internet if
a) a terminal is open under su
b) an application like gtkdial must be opened as su to connect
c) an application like kppp needs the root password to be accessible
Regards and thank you to all those who did so patiently answer questions
throughout the year. Happy Holidays!
--
Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
* Re: Su & Security
From: Ray Olszewski @ 2002-12-21 16:57 UTC
To: linux
I don't quite understand your questions, Peter. "su" is an application used
to change userid, usually (but not always) from an ordinary userid to
superuser. So I have to guess a bit in responding, below, about what you
are actually asking.
At 05:24 PM 12/21/02 +0800, Peter wrote:
>Season Greetings
>
>Is it a security risk when connected/ing to the Internet if
>
>a) a terminal is open under su
Do you just mean that a console (or xterm or eterm) is open by the root
userid? It would be unusual for this by itself to be a security risk.
>b) an application like gtkdial must be opened as su to connect
Dialers normally need to run suid to access the modem device. (There are
alternatives to this, though -- on my systems, all /dev/ttyS* devices are
in group "dialout" and mode 660, so a dialer app need not be suid.) Unless
the app itself has a security problem (and while gtkdial itself is probably
pretty much secure, I have no idea what apps you might think are "like"
gtkdial), this should be no problem.
>c) an application like kppp needs the root password to be accessible
I can't figure out what you mean by "accessible" here (or, once again, what
apps "like" covers), so I can't really answer this one. The natural risk to
think of is that you might, for some reason, store the root password in a
plaintext file somewhere on the system ... but I can't imagine your not
seeing the security risk in doing that without help from this list.
--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA ray@comarre.com
-------------------------------------------------------------------------------
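
The two setups described in the reply above (a setuid dialer versus /dev/ttyS* devices in group "dialout" with mode 660) can be told apart with a short audit script. This is an added example, not part of the original thread; it assumes GNU stat, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit serial-device permissions and a dialer's setuid bit.
# Assumes GNU stat (stat -c) and the "dialout" group named in the reply.

# tty_verdict MODE GROUP -> one-word verdict for a device node.
# MODE is the octal permission string from `stat -c %a` (e.g. 660).
tty_verdict() {
    tv_mode=$1
    tv_group=$2
    tv_other=$((tv_mode % 10))          # permission digit for "other"
    tv_grp=$(( (tv_mode / 10) % 10 ))   # permission digit for group
    if [ "$tv_other" -ne 0 ]; then
        echo "world-accessible"         # any local user can open the line
    elif [ "$tv_group" = "dialout" ] && [ "$tv_grp" -ge 6 ]; then
        echo "group-dialout"            # group members can dial without suid
    else
        echo "restricted"               # dialer needs suid or a root caller
    fi
}

# has_setuid FILE -> exit status 0 if FILE carries the setuid bit.
has_setuid() {
    [ -u "$1" ]
}

# audit_serial [DIALER] -> report on /dev/ttyS* and, optionally, a dialer binary.
audit_serial() {
    for as_dev in /dev/ttyS*; do
        [ -c "$as_dev" ] || continue    # skip when the glob matched nothing
        as_out=$(stat -c '%a %G' "$as_dev") || continue
        as_mode=${as_out% *}
        as_group=${as_out#* }
        echo "$as_dev mode=$as_mode group=$as_group -> $(tty_verdict "$as_mode" "$as_group")"
    done
    if [ -n "$1" ] && [ -e "$1" ]; then
        if has_setuid "$1"; then
            echo "$1 is setuid"
        else
            echo "$1 is not setuid"
        fi
    fi
    return 0
}

audit_serial "$@"
```

Pass the path of the dialer binary as the first argument to include it in the report; a "group-dialout" verdict together with a dialer that is not setuid matches the alternative setup from the reply.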
* Re: Su & Security
From: Peter @ 2002-12-22 4:31 UTC
To: Ray Olszewski; +Cc: linux
Thanks Ray!
You guessed mostly right what I tried to ask.
to a) a terminal is open under su
When I need to be su I open an xterm with a blue color background and exit it
when I connect to the Internet. Now according to you I can leave it open.
to b) an application like gtkdial must be opened as su to connect
The "like" should better be "as" and your answer takes away my concern.
to c) an application like kppp needs the root password to be accessible
Again "accessible" should better read "open". I take it that your answer to b)
will apply as well to c)
Regards
* Re: Su & Security
From: Peter @ 2002-12-22 5:04 UTC
To: Ray Olszewski; +Cc: linux
Thanks Ray!
You guessed mostly right what I tried to ask.
to a) a terminal is open under su
When I need to be su I open an xterm with a blue color background, so I know
it's su, and exit it when I connect to the Internet. Now according to you I
can leave it open.
to b) an application like gtkdial must be opened as su to connect
The "like" should better be "as" and your answer takes away my concern.
to c) an application like kppp needs the root password to be accessible
Again "accessible" should better read "open". I take it that your answer to b)
will apply as well to c)
Regards