On Thu, 2005-28-04 at 10:38 -0700, John Wendel wrote:
> William Hooper wrote:
> >
> > Well, the question asked would be nice:
> > "Thus it has some method of getting root privileges."
> >
> > The response:
> > "Inexperienced sysadmins."
> >
> > The quote showing that was the case:
> > "Daniel Kirsten wrote:
> > 'Yesterday, I examined the directory ~daikanyama/.undernet and probably I
> > executed mech as root. The file mech is indeed infected by Linux/Rst-B.
> > This explains everything.......'
> >
> > So the "method of getting root privileges" is "regular users of their own
> > machines" running random executables (like the ones downloaded by a script
> > kiddie) as root.
> >
> > I'm interested in hearing how you would like to close this vulnerability.
> >
> > --
> > William Hooper
> >
> >
> I should probably keep quiet, but I don't really mind looking like a fool.
>
> I'm an "inexperienced sysadmin" for my Linux boxes, and I have
> destroyed a few by doing stupid things, like running an untested
> script (that I wrote) as root that deleted all the files in /etc.
>
> What I'd really like is for system files to be mounted read only.
> Maybe by having a hardware switch that makes the system disk read
> only. Booting from a DVD that contained everything except /var, /tmp,
> and /home would be another alternative. This of course requires that
> everyone cleans up their code to only update files in /var, instead of
> writing in /etc.

There are a number of things an experienced administrator can do to alleviate these problems. Unfortunately many of the people who are using or want to use Linux are not experienced administrators. There are a number of options that can be used to mount partitions with more strict permissions, but in order for that to work, more directories need to be mounted in separate partitions.

There is not a lot of consensus on how to define what partitions should be created, how big they need to be, or what permissions they should have, so administrators tend to customize each machine for the situation in which it will be used. A long, long time ago Redhat decided how it was going to arrange the locations of system files and add-on packages. I seem to recall questioning some of the file locations back around 3 or 4 but decided to just live with Redhat's file locations. Unfortunately I am not alone in questioning some of the file locations. If files were placed in locations more consistent with the old-school hierarchical system used by most BSD systems and a few Linux distributions, it would be easier to protect the base system binaries and configuration files. SELinux has a lot of promise in alleviating the file location issues. SELinux is supposed to be able to properly secure a system without having to create a bunch of partitions with different mounting options. It should allow a more general file system structure that is not dependent on the situation in which the machine will be used, as is created by the current default install.

>
> I'm sure some smart people have already worked out the details for a
> system like this. Anyone aware of this kind of work? I'd be interested
> in seeing it.
>
> Thanks,
>
> John Wendel
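The reply above says restrictive mount options only help once /usr, /var, /tmp and /home are separate partitions. The following is an added example, not code from the thread: a small POSIX sh audit that reads an fstab (a constructed sample is embedded) and reports which of those mountpoints are missing an assumed hardening policy (ro/nodev for /usr, nosuid/nodev for /var and /home, nosuid/nodev/noexec for /tmp) or are not separate partitions at all. The policy values and the sample fstab are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original thread. Policy and sample are constructed.

# Constructed sample /etc/fstab (not taken from any real machine).
SAMPLE_FSTAB='/dev/sda1 / ext3 defaults 1 1
/dev/sda2 /usr ext3 defaults 1 2
/dev/sda3 /var ext3 defaults 1 2
/dev/sda5 /tmp ext3 nosuid,nodev,noexec 1 2
/dev/sda6 /home ext3 nosuid,nodev 1 2'

# Assumed policy: comma-separated options each mountpoint should carry.
wanted_opts() {
    case "$1" in
        /usr)  echo "ro,nodev" ;;
        /var)  echo "nosuid,nodev" ;;
        /tmp)  echo "nosuid,nodev,noexec" ;;
        /home) echo "nosuid,nodev" ;;
        *)     echo "" ;;
    esac
}

# has_opt OPTS OPT: succeeds if OPT appears in the comma list OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_fstab: reads fstab text on stdin, prints "<mountpoint> missing <opt>"
# for every policy option absent from an entry; comments and blanks are skipped.
audit_fstab() {
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac
        for opt in $(wanted_opts "$mnt" | tr ',' ' '); do
            has_opt "$opts" "$opt" || printf '%s missing %s\n' "$mnt" "$opt"
        done
    done
}

# missing_partitions: a policy mountpoint with no entry of its own cannot be
# given its own options, which is the point the message makes.
missing_partitions() {
    fstab="$(cat)"
    for mnt in /usr /var /tmp /home; do
        printf '%s\n' "$fstab" | awk -v m="$mnt" '$2 == m {found=1} END {exit !found}' \
            || printf '%s not a separate partition\n' "$mnt"
    done
}

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
printf '%s\n' "$SAMPLE_FSTAB" | missing_partitions
```

On the sample, /usr and /var are flagged for their missing options while /tmp and /home pass, and no mountpoint is reported as unpartitioned.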