The UNIX Forums
 "Join the Network of UNIX System Users"

UNIX Forums » Network Security for Dummies Q & A » root owner of daemons?

 
Printable Version | Email to Friend | Subscription | Favorites
Subject: root owner of daemons?
Jat
Newbie
Rank: 1



UID 196
Digest Posts 0
Credits 0
Posts 21
Reading Access 10
Registered Apr 25, 2007
Status Offline
#1
Post at Jun 6, 2007 09:22 AM  Profile | P.M. 
root owner of daemons?



root owner of daemons?



hi all,

what happens if i have a service running as root?

if it is exploited what would happen?
can a hacker actually becomes a hacker and screw up my whole box?


Top
AmeryWeb
Newbie
Rank: 1



UID 51
Digest Posts 0
Credits 0
Posts 26
Reading Access 10
Registered Apr 25, 2007
Status Offline
#2
Post at Jun 6, 2007 09:22 AM  Profile | P.M. 
one of the dangers of running a daemon as root is that if a malicious user can cause the daemon to crash, it is possible to execute arbitrary code with the privileges of the user that runs the daemon. in the case of root this means there is a possibility of having complete control of the system. many root-kits incorporate a compromise of a daemon that is used to install a root-backdoor which the attacker can then use to log in and gain a full system-level shell account.

if you run your daemon as a normal user, the attacker is limited by the permissions of that user. run as nobody to give the least possible permissions. if you must have root to bind to ports less than 1024, drop privileges as soon as possible.
Top
 

 

All times are GMT, the time now is Jan 8, 2009 04:48 PM

Powered by Discuz! 5.0.0  © 2001-2006 UNIX Forums
Processed in 0.028106 second(s), 6 queries
TOP

Clear Cookies - Contact Us - UNIX Help - Archiver - WAP