Please settle an argument...


  • Please settle an argument...

    ...I'm having with a buddy.

    He says being logged in as root with an always on cable connection opens risks of intrusion, under any circumstance.

    I say if you have a paranoid-level iptables set of rules, there will be no intrusion.

    I come to the masters for a defining answer.

    Ladies and gents, start your engines please.
    Openly covert.

  • #2
    Re: Please settle an argument...

    Originally posted by Nulland Void
    He says being logged in as root with an always on cable connection opens risks of intrusion, under any circumstance.
    Your buddy is correct. You are not. As long as your machine is wired (or "unwired") and accessible to the outside world, or has access to the outside world you are most certainly vulnerable.

    Now whether someone is going to dump the time required to jack around with your system is the real question. Chances are it would be easier to threaten you with a .45 ACP to log on and get what is needed.

    End of argument.



    • #3
      It could probably be explained a little more for him...

      The user privs you use on a normal basis really have nothing to do with how much or little your box can be hacked. The key factor is what the other person can do on your system once they've nailed you.

      For example, if you were lurking around on irc as a plain user without wheel privs, the other person has to be more creative to find a way to elevate their privs to do more on the system than that user is allowed. Often the more 'creative' they have to be, the more tracks they leave. If you were doing the same logged in as root... you just handed them your entire box on a silver platter.

      in theory at least..
      if it gets me nowhere, I'll go there proud; and I'm gonna go there free.



      • #4
        Sorta...

        Originally posted by 0versight
        That's why viruses, for example, are not as effective against Linux as they are against Windows, because to integrate itself into Linux's architecture you would need to be logged in as root.
        This is not entirely accurate. There are many, many exploits out there that elevate privileges from whatever level they are run at via clever manipulation of bugs or vulnerabilities. Also bear in mind that the majority of virus activity we're seeing is in the form of macro viruses - an application-level problem. Worms (such as slammer) are also exploiting weaknesses or bugs in a networked application (in this case, SQL). Unfortunately, OS architecture can only go so far in preventing things like this from happening: bad code facilitates this behaviour as much as architectural flaws.

        Microsoft does allow you to set user permissions but it is not by default,
        No, it most definitely is by default. Right-click a folder on a Windows 2000 server and notice the tab marked 'Security'. This can be done from a default install, non-dcpromo'd box.

        If you mean that the initial permissions on many objects are too loose, then yes, I would agree - especially if the box is running IIS. But there's a whole other pile of problems that go along with that, not just permissions.

        and the majority of the users out there do not know about this function and that's why you see so many attacks/exploits/viruses/etc for Windows, based on the fact alone that most of the people out there are using the administrator account.
        Nope. Most of the exploits you see are just that: exploiting vulnerabilities in a given application or portion of the OS. While permissions *may* be able to contain some of the damage from that exploit, the fact remains that you've still got a vulnerability and it's allowing something to happen that shouldn't. It'd be the same on any other platform, pretty much. Viruses (again): mostly caused by application issues these days (I mean, really - when was the last time you ran across a boot sector or .COM infector virus in the wild?).

        As for users needing to know about file permissions... They shouldn't have to. That's something the administrators should be competent enough to handle. However, incompetent administrators aren't limited to the Windows world: I've worked on enough 0wn3d default-install (mostly) RedHat boxes to know that stupid exists on all platforms.



        • #5
          Re: Re: Sorta...

          Originally posted by 0versight
          I think Win2k Server is the only one that does offer that. Win 9x and WinXP, I'm sure, don't, but I'm not sure of Win2000 Professional.
          It does; I'm using it right now. 9x does as well, but only in a very rudimentary way - there are no multi-user privileges that can be set per se.

          It depends on what kind of setting you are working in. In a business one, of course they shouldn't need to know about permissions.

          Home users absolutely need to.
          OK. This is where I'm going to disagree, and here's why: home users are the same people that go to work during the day and don't know what they're doing on the network there. Trying to make them SAs isn't going to work when they can't get a handle on printing a document from Word.

          The best thing for them is a Linksys router (say, this one) set to block common trojan ports and all NetBIOS traffic, and current antivirus software on each machine. This is about the level that most people are at - they don't need the best-engineered solution in the world, just something that they can cope with.



          • #6
            First, I would like to thank you for your excellent and enlightening replies.

            Second, I would like to apologize for not having been more specific;
            1 - the "logged on as root" situation is not a permanent thing. Only for some periods of time when necessary. Unfortunately, sometimes it can get uncomfortably long.

            2 - the box has no services running other than a basic Apache service on port 80.

            3 - iptables has everything locked up solid right off the bat, with a couple of ports cautiously opened only for "ESTABLISHED,RELATED" stuff.

            4 - kernel 2.4.+

            Now, I beg of you, please don't tell me I put too much faith in netfilter.
            I love netfilter.
            Netfilter is my god and master...

            Ok, seriously now. Are you guys saying that netfilter is not perfect?
            Openly covert.



            • #7

              1 - the "logged on as root" situation is not a permanent thing. Only for some periods of time when necessary. Unfortunately, sometimes it can get uncomfortably long.
              Don't log on as root. Log on as a user, then su to root. Do what you need to do, then exit the session. Are you running X on this box?

              2 - the box has no services running other than a basic Apache service on port 80.
              Assuming your apache install isn't a vulnerable one and isn't running as root, you should be relatively ok. Also cut down the number of modules httpd.conf calls to the bare minimum needed for what you're doing in the way of webserving.

              3 - iptables has everything locked up solid right off the bat, with a couple of ports cautiously opened only for "ESTABLISHED,RELATED" stuff.
              You might want to look into snort. I'd recommend portsentry as well, but as their parent company's site now redirects to Cisco's, I'm assuming they've been bought out; if the url turns up under my nose I'll post it. In any event, they're both worth looking into for their ability to dynamically modify an iptables ruleset in realtime based on criteria you configure.

              4 - kernel 2.4.+
              Much in this instance depends on how the kernel was built, but off the bat as long as it's a recent (2.4.18+) one you should be OK.

              Now, I beg of you, please don't tell me I put too much faith in netfilter.
              I love netfilter.
              Netfilter is my god and master...

              Ok, seriously now. Are you guys saying that netfilter is not perfect?
              No... Just that anytime you rely on a single solution for everything you're also relying on what's potentially a single point of failure.

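The point made in #7, as an added example that is not part of any post in the thread: a default-DROP ruleset like the one described in #6 still passes new connections to Apache, so the service is the remaining exposure. The sample ruleset is constructed and `exposed_inputs` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: list what an iptables ruleset still exposes on the INPUT chain.
# Reads iptables-save text on stdin; on a live box: iptables-save | exposed_inputs

exposed_inputs() {
    awk '
    /^:INPUT / { policy = $2 }                 # chain policy line, e.g. ":INPUT DROP [0:0]"
    /^-A INPUT / && / -j ACCEPT/ {
        # Rules limited to ESTABLISHED/RELATED admit replies only, not new connections
        if ($0 ~ /ESTABLISHED/ && $0 !~ /NEW/) next
        # Loopback traffic never leaves the box
        if ($0 ~ / -i lo /) next
        proto = "any"; port = "any"
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") port = $(i + 1)
        }
        print "open " proto "/" port
    }
    END { print "policy " policy }
    '
}

# Constructed sample matching the setup in #6: everything dropped, replies allowed,
# Apache reachable on port 80.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | exposed_inputs
```

Every `open` line is a path netfilter deliberately lets through, so whatever listens there (here httpd) has to hold up on its own.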


              • #8
                Originally posted by Nulland Void

                Second, I would like to apologize for not having been more specific;
                1 - the "logged on as root" situation is not a permanent thing. Only for some periods of time when necessary. Unfortunately, sometimes it can get uncomfortably long.
                It is almost never necessary to log in as root. I can only think of one instance where I actually had to log in as root because I needed to be in root's X session (rather than simply needing root's environment).

                You should, instead, get in the habit of logging in as a user, then using su or su - to become root to do the task that you need root's permissions or root's environment for, then exit that shell immediately after you have finished.

                Not only is this more secure, it also keeps you from having the permissions to accidentally do dumb things to your system.
                the fresh princess of 1338

                What did I do to make you think I give a shit?

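Two checks that follow from the advice in #7 and #8, as an added example that is not part of any post: find direct root logins (as opposed to su sessions) and Apache workers still owned by root. The `who` and `ps` listings, the user name `nulland` and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for the two habits the thread warns about.
# On a live box feed the functions `who` and `ps -eo user,pid,ppid,comm`.

# Print terminals where root logged in directly.
# su does not write a new login record, so an su session keeps the user's name in who.
direct_root_logins() {
    awk '$1 == "root" { print $2 }'
}

# Print PIDs of httpd workers (children of another httpd) that are owned by root.
# The parent httpd starts as root to bind port 80; its workers should run unprivileged.
root_httpd_workers() {
    awk '
    NR == 1 { next }                                   # skip the ps header
    { user[$2] = $1; ppid[$2] = $3; comm[$2] = $4 }
    END {
        for (p in comm)
            if (comm[p] == "httpd" && user[p] == "root" &&
                (ppid[p] in comm) && comm[ppid[p]] == "httpd")
                print p
    }' | sort -n
}

# Constructed sample: root logged in on tty1, a normal user on pts/0.
SAMPLE_WHO='root     tty1         May 25 20:01
nulland  pts/0        May 25 20:40 (:0.0)'

# Constructed sample: PID 414 is a worker that never dropped privileges;
# PID 530 is a root shell reached through su from the user shell 502.
SAMPLE_PS='USER       PID  PPID COMMAND
root         1     0 init
root       412     1 httpd
apache     413   412 httpd
root       414   412 httpd
nulland    502   498 bash
root       530   502 bash'

echo "direct root logins: $(printf '%s\n' "$SAMPLE_WHO" | direct_root_logins)"
echo "root-owned httpd workers: $(printf '%s\n' "$SAMPLE_PS" | root_httpd_workers)"
```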


                • #9
                  Originally posted by octalpussy
                  Not only is this more secure, it also keeps you from having the permissions to accidentally do dumb things to your system.
                  My personal favorite was the time I did the `rm -rf etc/' to remove an errantly-ungzipped package, not realising that I had typed `cd /' ahead of it.

                  I still feel dumb about that one.



                  • #10
                    Originally posted by skroo
                    My personal favorite was the time I did the `rm -rf etc/' to remove an errantly-ungzipped package, not realising that I had typed `cd /' ahead of it.

                    I still feel dumb about that one.
                    I think every admin has had a similar experience...mine was:

                    # rm -rf ../* <--think about it...but don't try it unless you want your entire filesystem deleted.
                    perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'



                    • #11
                      as a standard, running as root when you don't have to, as mentioned above, is never a wise choice... it is even worse that you let others know about the fact you are running as root most if not all of the time... you should not trust any software/code you have obtained through the internet enough to indiscriminately run it as root... many popular software packages were backdoored in the quite recent past and it would be a mistake to think this has not/will not happen again... not to mention a host of security holes you may be exposing yourself to by letting any application you are running have total access to your entire file system... you accidentally accept all DCCs from a friend, he sends you a tricky .bash-profile... :(
                      -democow



                      • #12
                        It looks like I lost the argument.
                        I'll have to revise my "theories".

                        Thanks for sharing your wisdom.

                        [ edit ]

                        One last question about this issue;
                        Let's say that working as root is sometimes inevitable, what would you guys recommend as the best thing to do to minimize risks of intrusion during those times?


                        Last edited by Nulland Void; May 25, 2003, 20:55.
                        Openly covert.



                        • #13
                          unplug when doing things that do not require a connection, elsewise su.
                          if it gets me nowhere, I'll go there proud; and I'm gonna go there free.



                          • #14
                            Originally posted by Nulland Void
                            One last question about this issue;
                            Let's say that working as root is sometimes inevitable, what would you guys recommend as the best thing to do to minimize risks of intrusion during those times?
                            We won't say that, because it isn't. That's what su and su - are for. Being logged in to a root shell on a box does not present the same level of risk as being logged in to the box as root.
                            the fresh princess of 1338

                            What did I do to make you think I give a shit?



                            • #15
                              If you are logged in and ircing as "nonrootuser" and su or sudo something you need root privs for, you've done everything you can, short of unplugging the network cable, unplugging the box and dismantling the motherboard.
                              Yes I'm back bitch!

                              And darker than ever
