Re: Safe practices
- From: BearItAll <spam@xxxxxxxxxxxxx>
- Date: Tue, 23 Jan 2007 10:23:51 +0000
Richard Kruse wrote:
Questions from a Linux newbie...
Assume I'm logged in to my (own) Linux system as a normal (non-root) user.
System is stand-alone, non-networked, but connected to internet via
always-on DSL. I'm "behind" a NAT DSL modem/router/firewall, using "1483
Bridged IP LLC". The Linux box thinks my IP address is 10.0.0.4.
Can a hacker even get in at all, past my modem/router/firewall?
And, assuming the answer to that is "YES"...
Occasionally I need to either "SU ROOT" or start a root-level xterm for
some system-level task.
While I try to accomplish those tasks as quickly as I can, and then exit
from that shell, I wonder: During that short time, am I exposing my
system's root-level "guts" to internet evildoers?
I can see by the other posts that you have your answer, but I thought that
it might be a bit confusing.
A Firewall doesn't actually do very much, all it really does is stop any
traffic aimed at a port that you don't allow, example, let's pretend for a
minute that your IP address is public (it isn't, but just to help explain
it). Someone might try to get to you through a port used for other purposes
other than communications,
That happens to be the Timeserver port address, because you may well have
some code responding to this port, so it might be crasheable or it might
just be fun to spin your days around, or might just give out information
that tells a hacker more than it is good for him to know.
Your Firewall prevents this sort of thing by limiting the ports available to
incoming traffic to those that you have allowed, probably 80 and 443.
This came about because at one time we were all very lax when it came to
these ports, we were also very lax when it came to the code that responds
to those ports that we use internal to our system. If there was no code to
respond then the firewall wouldn't be necessary, but of cause many ports
are used internally by your Linux system.
So your Firewall has ensured that you can relax about that side of things,
just don't open unnecessary ports.
Now for further protection you have to look to your own Linux box. Traffic
coming in from the Internet on port 80, what is it capable of doing? Well
so because it was intended as an aid to views without having access to the
local machine, other than through cookies.
Java might have been the next problem, which is why you have to be a bit
carefull of who and where you will accept java from. The engine has built
in safeguards, but the worry is that now that java is going open that it
might go off in various directions, chances are that we will have to be
very much more carefull in the future when new java-like engines come out.
Your 'su root' at your console:- You are in a different thread to the rest
of your shell, code can't jump from your gui shell into the session you are
in, nor can anything spy on it. There isn't a risk, other than the risk we
present ourselves. A badly typed commandline for example that can sweep
through the system and do damage as root would be very much less damaging
if it were ran as your user.
When people tell you not to log in as root, what they really mean is don't
log in to the gui as root instead of your user, except for particular
actions. Much better to let the system tell you when it is necessary to log
in as root. For example if you select an action in the control panel that
requires root, it will tell you. If there is a regular command you need to
run as root, and they will be some, then learn how to do that through
Incidentally, while you are new to Linux it is a good idea to have a second
user that you use while learning how best to make use of the commandline
and scripts. Keep your main user protected from mistakes. You don't have to
be paranoid about that, I just want you to have a protected user
environment that you can always return to for your general daily computing.
- Safe practices
- From: Richard Kruse
- Safe practices
- Prev by Date: Re: Safe practices
- Next by Date: Re: Plugins update?
- Previous by thread: Re: Safe practices
- Next by thread: Re: Safe practices