[OT] Re: Running graphical programs as root

Kevin Chadwick ma1l1ists at yahoo.co.uk
Fri May 11 19:17:44 CEST 2012


On Fri, 11 May 2012 08:45:22 -0700
Ray Andrews wrote:

> Why can't I be informed if someone is trying to 
> start a shell on my machine remotely?

If they are coming in officially, you can. A simple iptables or
ufw stateful firewall will lock that down and could let you know.

If they exploit your browser then it just looks like you ran the shell,
though your browser may crash. A crash is unlikely to be a hacker of
course.

If they run sudo officially all actions as root are logged. If sudo
allows all as root or they find a root exploit they may prevent
logging and delete those logs.

If the root filesystem / is read-only and you're running a grsecurity
kernel any remount will be logged.

Of course those logs may be deleted/prevented.

If you run apparmor, selinux or the more secure RBAC or RSBAC then you
can control everything, if you can afford the time or are controlling
something simple.

Again an attacker as root could attack the kernel itself to bypass that
unofficially. An OpenBSD kernel is a harder target but has no RBAC
option.

The difficulty and time for the attacker is ever increasing with these
scenarios though, Layers.

One last thing and you won't get me to respond again except maybe
privately or on another list.

There's a better reason not to run things as root, after all VLC is
always full of holes with so many codecs anyway. If your wireless
keyboard starts spitting out rubbish into a root terminal you have su'd
to root on rather than using sudo then random damage could be done.

Simply unplugging your ethernet cable is a good way of reducing your
usefulness to a hacker and so likelihood of being targeted too.

Hackers can be fighting each other for control of your system and even
patching holes Microsoft haven't fixed yet without you ever knowing or
being affected aside from a slower system. Windows does slow down by
itself due to dumb design too of course.
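
Added example, not part of the original message: the "simple iptables ... stateful firewall" that "could let you know", written as a shell function that prints a default-deny IPv4 ruleset in iptables-restore format. The function name, the log prefixes, the rate limit and the optional allowed port are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print a stateful, default-deny IPv4 ruleset that logs
# every new inbound connection attempt to the kernel log.
# The prefixes IN-ALLOWED / IN-BLOCKED and the 6/min limit are assumptions.

emit_ruleset() {
    # $1: optional TCP port to accept inbound (for example 22); empty = none
    allow_port="${1:-}"
    case "$allow_port" in
        '') ;;
        *[!0-9]*) echo "invalid port: $allow_port" >&2; return 2 ;;
        *) [ "$allow_port" -ge 1 ] && [ "$allow_port" -le 65535 ] || return 2 ;;
    esac

    # Replies to connections this machine opened are accepted by state;
    # everything else inbound falls through to the DROP policy.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF

    if [ -n "$allow_port" ]; then
        # Log, then accept, new connections to the one permitted service.
        cat <<EOF
-A INPUT -p tcp --dport $allow_port -m conntrack --ctstate NEW -j LOG --log-prefix "IN-ALLOWED: "
-A INPUT -p tcp --dport $allow_port -m conntrack --ctstate NEW -j ACCEPT
EOF
    fi

    # Rate-limited log of every other new inbound attempt before the policy
    # drops it, so a scan cannot flood the log.
    cat <<EOF
-A INPUT -m conntrack --ctstate NEW -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "IN-BLOCKED: "
COMMIT
EOF
}

# Print the ruleset; pass a port number as the first argument to allow it.
emit_ruleset "$@"
```

As root, the output can be checked without applying it by piping it to `iptables-restore --test`. The log lines appear in the kernel log, which is subject to the same deletion caveat the message raises for sudo logs.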


More information about the Xfce mailing list