[TriLUG] Privileges and Social Engineering

Tue Jun 15 12:49:46 EDT 2004

On Sat Jun 12, Jeff Tickle wrote:

> On Fri, 2004-06-11 at 21:30, Mike Fieschko wrote:
> > One of the Mandrake security levels doesn't allow any
> > root login.  I hope that Mandrake's install requires a
> > nonroot account, especially if that security level is
> > selected.  You can still do `su root` or `su - root`, of
> > course.  My $0.02: if a box has a NIC, or if networking
> > is otherwise set up, then no root login ought to be
> > allowed.
> 
> I don't really see the point in preventing root login.  As
> long as you have a secure password, it shouldn't really be
> a problem... and if there's a possible vulnerability that
> allows someone to get around the root password, couldn't
> there also be a vulnerability that allows them to get
> around root login being blocked?  I mean at some point you
> have to be able to access root, even if its through su or
> sudo, and unless you totally remove that root user
> privilege, there's still a risk.  I'd just like to hear a
> bit more on this explanation if you don't mind,
> maybe there's some factor that I don't know.
>

Sorry for the delay in replying, but I've been away from the keyboard.  I was thinking of password guessing, yes.  As a little more explanation of my thinking, I had in mind an ordinary person, inexperienced with Linux, the sort of person who selects their birthday / spouse's name, or the like for their login password.  The original post, IIRC, spoke of such an inexperienced user.

Disabling root login makes password guessing more difficult, since if root login is disabled, then the bad guy needs to not only guess a password, but guess the password of a user in the group permitted to su.

About secure passwords, I've seen warnings when a dictionary entry is selected as a password (Mandrake again?), but the warning doesn't prevent the user selecting the dictionary entry as a password.

> Obviously there's a great possibility Linux has a security
> hole in it somewhere.  But you can't live life on fears
> like that; only on the fact that the release cycle for
> Free software (especially when it comes to security
> issues) is very, very fast.  ;-)
> 
> > No matter how the installer words the warning, it'll be
> > ignored by folks, just as motd is.
> 
> This is the situation where I agree with disabling root
> logins.  Not for security against hacking or viruses, but
> for security against users who don't understand security.
> So the theoretical installer designed for the simplest of
> users would not give any indication that "root" is a user
> you can actually log into the system as, and if anyone
> ever got the idea to try logging in as root, it would fail
> anyway.  So in a way you're right... if it's worded as a
> warning, no one will heed it.  Don't word it as a warning.
> Word it as though there's no other way to do it. 
> The linux geeks will know better (and hopefully understand
> security), and the regular users won't realize that root
> is actually a user, simply because there's no indication
> of that.  There's just a configuration password and their
> user account.