xhost +localhost

Louis LeBlanc FreeBSD at keyslapper.net
Wed Feb 2 20:44:10 PST 2005

On 02/03/05 03:19 AM, Gert Cuykens sat at the `puter and typed:
> > Don't want to be rude but do you have a specific reason for running
> > xscreensaver as root?
> > 
> > Chris
> Well the reason is very simple actuale lets pretend we have a user
> gert. User gert has alot of pictures and music stuff phone numbers
> user gert dont want does things to be gone. Somebody hacks user gert
> because user gert uses a screensaver. And the hacker deletes all
> files. User gert is not happy because he lost everything. Do you think
> user gert gives a chit that the system was untouched because the
> hacker did not had root permission ?

You've made backups, right?  That would be the standard method of
protecting these files.  Trust me, EVERY other person on this list has
files they value above their system.  The system is ALWAYS easier to
restore than lost data.  The problem is that with root permission, a
hacker can do a LOT more damage than just *your system*, and with
root, it is pretty trivial to cover their tracks so that when the men
in black come to your door and ask to see your computer logs, it looks
like you're the one that's been trying to hack the NSA.  Then you'd
care if they had root access.

> For me its wrong to think user accounts are not importend because they
> do for the average window xp single user. They dont care about viruses
> infection on there system reinstalling everything they care about
> there files.  So if sreensaver is a securty risc as root i doesnt mean
> its not a security risck for a user account. The only differens
> between a root and user should be that users can not read or mess with
> other users files. The security sould be EXACTLY the same. So if root
> can not run a screensaver then the users can also not run a
> screensaver.

There's a lot more to system security than virus protection.  There's
secure passwords, restriction of root access, backups, firewalls, and
a lot more.  The fact that Windows often has to provide authoritative
access to all users has been one of it's biggest vulnerabilities to
virii.  If everyone on *nix systems had administration privileges,
you'd probably see quite a few worms working their way around these
systems.  And FTR, nobody can even frickin' PRINT to a NETWORK printer
in XP without admin privs! How *stupid* is that!?

My advice, get a backup process going and use a non root account.
Lock down root, and use secure passwords.  You can restrict access to
any user account in a number of ways.  I have some accounts with
abysmally simple passwords, but they aren't allowed to log in
non-locally in any way, shape or form.  The only one that is, is quite
limited to how and from where it can log in, and it uses a reasonably
secure password.

Is my system "secure"?  Well, to a pretty good extent, I think it is.
Secure enough to make it not worth the effort to your average to
moderately savvy cracker.  More so than I've made it in the past at
any rate.  I still watch closely for any signs of attempts, and deal
with those I think are worthy of attention, but I don't worry so much

That's basic admin, isn't it guys?

I'm sure there will be a few additions to this, and possibly even a
more organized listing of best practices, but I'm too tired to find
the list right now - it's probably right there in the handbook anyway.

Louis LeBlanc                          FreeBSD-at-keyslapper-DOT-net
Fully Funded Hobbyist,                   KeySlapper Extrordinaire :)
Key fingerprint = C5E7 4762 F071 CE3B ED51  4FB8 AF85 A2FE 80C8 D9A2

Begathon, n.:
  A multi-day event on public television, used to raise money so
  you won't have to watch commercials.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050202/a578db07/attachment.bin

More information about the freebsd-questions mailing list