Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm involved in the task of creating a root filesystem for Beagleebone running Linux. Usually the filesystem is generated and configured with a single root user (for example with buildroot), which is the only user of the system. Does it mean that all the commands and applications are executed with root privileges (being that the only user of the system)? Isn't this a security issue? Would it be better to create a non-root user? What is the usual practice?
In a linux system there are many system users apart from root which may be used for specific purposes. If your embedded system is some kind of autonomous system (eg. a robot) and doesn't expose any services on a network or some kind of direct physical access to users, there's not so much to worry about. If it does then you should just check if the softwares in question really require root access or not. You can always create less privileged users to run them on your behalf, if they are not really made considering all security implications.
The Raspbery Pi Debian comes with root + a pi user "pre-installed", who has sudo rights. Modern Unix systems does not enable "native root login", so extra user is a need.
If your device is somehow connected to internet, I mean, there is a chance to reach it from internet or a wider LAN, you should follow some security guide lines (e.g. no root login). But if not, say, your device has no LAN access at all, don't worry such things.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I were using windows but now I am shift to unix like os sucn as linux,fedora .Now I am confused what is root in linux os?Please explain me.
Root user is also known as superuser in Linux-based OS. Basically, root user is granted all permission to do various task on that system. This includes adding/removing normal user account, managing services, changing ownership of files/folder and many more.
Normally, it is recommended for system administrator to create another normal user account to perform day-to-day operations while root account should only use when necessary. Once the system administrator has completed the necessary task, he/she will then revert back to their normal user account immediately. It is because a mistyped of command using root account might lead to wiping all data in the system!
For more information about root, you can visit here and here. Hope it helps.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Let's say I let my friend "Stuart" have an account on my VPS with very limited privileges because he asked very nicely. Since Stuart isn't so bright, he accidentally posts his password in an IRC chatroom, and now everyone and his/her grandma can ssh into his account. My question is, in the hands of an experienced hacker, what kind of damage can be done to the system?
Could someone just write a simple C program to intentionally manipulate a buffer overflow in strcpy and serve up a root shell for full control of the system, or are there built-in protections against that in the OS?
There are any number of attackers an attacker with local privileges could perform including but not limited to:
Fork Bombs
Accessing services bound to 127.0.0.1
Using your server as a proxy for malicious attacks
Serving malicious files from your server
Local exploits
Information Leakage
Mail relaying
etc
The attack you describe however is not possible as the file would have to have to be owned by root and have the setuid or setgid bits set.
Once someone has access to the machine, instead of needing a remote exploit, they only need to escalate privileges to have root access.
Remote exploits require having an external publicly-accessible vulnerable service. There shouldn't be any of those running on a standard VPS, assuming that it's being well maintained.
Once a remote user can authenticate, they can execute any code that's on the machine, or bring in more. If there is a bug in the kernel, or in any program that has setuid to root, they can use that to escalate their privileges to a user who has more power - like root.
So a simple buffer overflow in a custom program written by the attacker isn't your concern - that shouldn't allow them to have any extra power. What you're concerned about is a bug in the system that the attacker now has the access, and so, the ability, to exploit.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm about to hand out my root server password to a company for them to fix an issue that I have with mydns.
I'm sure they are all above board (and I will change the root password after they have finished) but I just want to be sure.
I know (well I think) I can login after them and execute history to see what they did, but I know if they are dishonest, they can just clear the history. I'm worried in case a rogue employee does something malicious or installs keylogging software (which has happened when my mate let another company manage his VPS).
So is there anything I can do? Does the history command backup somewhere? Can I install a keylogger to verify the commands they execute are not malicious?
Any ideas welcome. Ideally I appreciate I shouldn't give out my root password if I don't trust them. But I am in a very difficult situation and have no choice.
Since you are giving them root access, there is nothing you can do from within the machine that they could not subvert with a rootkit.
Your only way to be sure would be to mount the filesystem in another machine and compare the changes made to the files by comparing with a previously made snapshot/backup.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I am new to Linux. I am interested in security too. I got to know from one of my friend that it is possible to get into root shell after login as a normal desktop user. I don't know how to do it. I only know its possible after exploiting some services.
When I search for the above topic, I come to that, first we need to find out SUID files, which are the executable files having special permissions. I used 'find / -perm +4000' command to get such files list.
I don know what to do after that and get into root shell. I need to find out such issues in my OS and need to patch it. Could you please help me?
After you get your list of root suid programs (this is just one of many starting points when trying to get root on a system) you have to find if any of them are vulnerable to buffer overflows (you can start searching the CVE database for their names) and get a shell payload to be executed when the hole is exploited (so you can get a root shell).
There are many resources on the topic and by googling for "buffer overflow" you'll get to them.
There's no generic way to do this; it depends on what vulnerabilities exist on the system you've logged into, and that can vary from machine to machine. You need to look at what version of the OS is running, what vulnerabilities are known in that OS version, and which patches haven't been installed on the machine in question.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
If the host machine has antivirus, antimalware, etc. then I would think the virtual machine accesses the Internet through the host, and doesn't need its own protection. Is that correct?
There aren't any reported cases of a breach wherein a vm which begins running malicious code is able to infect a host. However, theoretical concerns have been raised over this very issue. Worse, if a vm gets infected, it will likely end up running a bot that will scan your network (including possibly the host) and could easily discover a hole in your defenses.
So, even if you don't care much about the vm, it is highly advisable to engage in a rigorous strategy of protecting those machines with AV software and scheduled updates. It can be challenging if you don't turn the systems on that often. So, it's generally a good idea to schedule a time every few weeks that you turn on all vm/images and get them all up to date.
If you'd mention a particular virtual host vendor or package, more specific advice may be available as for how to go about developing your vm security protocol.
you should treat the virtual machine as if it were a real machine.
give it some protection.
If you use the virtual machine to do actual work besides testing - yes it should have antivirus, because it might jump over to the main machine if you move a file there. If it's just for sandbox testing of a program, you don't need antivirus or anything else, simply because you can always wipe the virtual harddrive.
No, Virtual machines will need the same treat as the real machine. But if you are not going to use it, I suggest you to turn on backups. It'll be easier to recover if your virtual machine has backups.