Renaming root account

Bigby Findrake bigby at ephemeron.org
Thu Mar 3 08:16:24 GMT 2005


There may be others, but here are 2...

1. It's not a *good* idea because it's security through obscurity.  It's
not a bad idea on that account, but you should realize the limitations of
security through obscurity when using that tactic.

2. It's a *bad* idea because you don't know what things *might* break down
the road, even if you did manage to either verify that nothing would break
currently if you made the change or fixed everything that would break
currently if you made the change.

Also, as you suggest in your question, I believe that most binary
executables use "uid 0" vs "root", so changing the name of the account
there might be of limited use.

Additionally, with many remote attack types (e.g. remote buffer overflows),
the attacker does not need to know what access he is trying to get (e.g.
root or non-root), only what service her/his attack will use as a vector.
For example, a remote attacker may not know that sendmail is running as
the user "root" or "fakeroot," but neither does the attacker need to know
what user sendmail is running as *if s/he is successfully able to execute
her/his code* - s/he has gained some sort of access, privileged or
otherwise.

On Thu, 3 Mar 2005, Craig Edwards wrote:

> Hi everyone,
>
> One quick question: Is it safe and/or sensible to rename the root
> account, so that the only uid 0 user on a system is something different
> to root? I can see how this would be effective against external
> attackers who have no knowledge of the internals of the system as they
> would spend pointless hours trying to crack a user which doesn't exist,
> however to internal users they could always just cat /etc/passwd and see
> that root has been renamed. So firstly, is this possible, and security
> wise is it of any real use? Can anyone think of any apps it would break
> that assume that the uid 0 user is called root and don't just address
> the user by its uid?
>
> Thanks,
> Craig Edwards
>
> --
> WinBot IRC client developer: http://www.winbot.co.uk
> ChatSpike - The users network: http://www.chatspike.net
> InspIRCd - Modular IRC server: http://www.inspircd.org
> Online RPG Developer: http://www.ssod.org
> --Signature by unknown keyid: 0x1962FC10
>


/-------------------------------------------------------------------------/
"It was half way to Rivendell when the drugs began to take hold"
  --Hunter S Tolkien "Fear and Loathing in Barad Dur"

                    finger://bigby@ephemeron.org
                    http://www.ephemeron.org/~bigby/
                news://news.ephemeron.org/alt.lemurs
/-------------------------------------------------------------------------/
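
Added example (not part of the original message or of any FreeBSD tool): a POSIX sh check that lists every uid 0 account in passwd(5)-format data and finds configuration lines that refer to the account by name rather than by uid, which is where a rename would break things. The passwd and config lines, the "fakeroot" row and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed passwd(5)-format sample: the uid 0 account was renamed "fakeroot".
SAMPLE_PASSWD='fakeroot:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
craig:*:1001:1001:Craig:/home/craig:/bin/sh'

# Constructed "file:line" config sample; some lines name the account,
# one uses the numeric uid and is unaffected by a rename.
SAMPLE_CONFIG='crontab:*/5 * * * * root /usr/libexec/atrun
crontab:1 3 * * * root periodic daily
newsyslog.conf:/var/log/auth.log root:wheel 600 7 * @T00 JC
rc.local:chown root:wheel /var/db/app
rc.local:chown 0:0 /var/db/other'

# Print the login name of every account whose uid field is 0.
# Privilege follows the uid, so each of these is a superuser under any name.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ { print $1 }'
}

# Succeed only if an account with login name $2 exists in passwd data $1.
has_account() {
    printf '%s\n' "$1" | awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }'
}

# Print config lines that use $2 as a user name token (e.g. "root" or "root:wheel").
name_refs() {
    printf '%s\n' "$1" | grep -E -- "(^|[[:space:]])$2([[:space:]:]|\$)"
}

report() {
    echo "uid 0 accounts: $(uid0_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
    if ! has_account "$SAMPLE_PASSWD" root; then
        echo "no account named root; these lines depend on that name:"
        name_refs "$SAMPLE_CONFIG" root
    fi
}
report
```

On a real host the same functions can be fed the contents of the system passwd file and whichever configuration files are in scope.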



More information about the freebsd-security mailing list