[TAG] (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1
Benjamin A. Okopnik
ben at linuxgazette.net
Sat Jan 27 04:02:37 MSK 2007

On Fri, Jan 26, 2007 at 01:18:56PM -0500, Sindi Keesan wrote:
> On Fri, 26 Jan 2007, Benjamin A. Okopnik wrote:
>
> >On Fri, Jan 26, 2007 at 02:09:35AM -0800, Sindi Keesan wrote:
> >>
> >>I don't even know what a network socket is.
> >
> >That's pretty much my point. The majority of those who run their
> >machines as root literally have _no_ idea of how exposed and vulnerable
> >they are.
> >
> >Sockets and ports are methods by which local and remote clients can
> >connect to your machine. Try running 'netstat'; this will show you a
> >list of your currently-open sockets and ports.
>
> bash: netstat: command not found
>
> You are making too many assumptions about my linux ;=)

Perhaps you're making too few assumptions about the necessary tools that
belong on a Linux box. :)

> >> Nobody in their right mind
> >>would want my system. The software is 8 years out of date (the hardware
> >>is older than that) and the connection is dialup. Should I be worried
> >>anyway?
>
> >See my earlier point about resources. There are Russian and Polish
> >companies (and probably lots of others, but those seem to be at the
> >forefront) who will sell you their spam-distribution services and boast
> >of "thousands of 'captured' machines" that they use for the purpose.
> >It's a popular dodge for spammers these days, since it essentially
> >counters IP blocking.
>
> I thought they went after broadband. And Windows. How exactly would they
> attack a linux machine using dialup internet, without me noticing?

None of these attacks would be problems if the user on the system
noticed when they happened. They happen without you noticing *by
definition*. As to how, the answer is "via ports and sockets". For a
longer answer, I teach a five-day security course for Sun Microsystems
on that, $3495 per student. :) Or you could study up via the resources
available in many places on the Net.

> I do most of my browsing and emailing via a shell account to which I ssh
> as root. Am I still vulnerable to attack?

Are we still talking about your system, or did you just introduce
another one into the equation? Every open port and socket that you have
is a way for other systems to connect to yours. Each of them has its own
pros and cons. I couldn't begin to estimate what your exposure is,
except that everything I've heard from you so far tells me that you're
pretty vulnerable.

> >>The people we are giving 200MHz computers to don't have networks. But
> >>they do need to print formatted papers for school, and webpages.
> >>
> >>I don't think I need CUPS.
> >
> >Given the above, why are you using a print server/scheduler at all? I
> >ran my system with nothing more than 'magicfilter' and a script to send
> >it to the appropriate filter for a couple of years when I was in a
> >similar situation, and it worked fine.
>
> I don't know what magicfilter is, but I have a script that will let me
> print from within X programs now, and don't even need a filter. A few
> years ago people using our distribution worked out how to use lpr and
> printcap, but there is no need for them now. I guess I should stop being
> curious why lpr won't work for root.

You can find out about "magicfilter" by searching for it, and you have a
script that will print _some_ things but not others. I've been answering
the question that you asked initially; since you now appear to have
changed the question in the middle of the discussion, and since I'm not
interested in providing ongoing support for every possible problem in
your system, I'm going to call my end of it finished. Good luck.

--
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
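
The listing that the 'netstat' suggestion above would have produced, done without netstat, as an added example that is not part of the original message: a shell function that reads the kernel's TCP socket table and prints the listening ports. It assumes /proc is mounted, an x86 (little-endian) machine and the usual /proc/net/tcp column order; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: list listening TCP ports from the kernel's socket table
# when netstat is not installed. Function names are illustrative.

# Decode an 8-digit hex IPv4 address as written by a little-endian (x86)
# kernel: the bytes are stored in reverse, so 0100007F is 127.0.0.1.
hex_to_ipv4() {
    h=$1
    b4=${h%??????}; h=${h#??}
    b3=${h%????};   h=${h#??}
    b2=${h%??}
    b1=${h#??}
    echo "$((0x$b1)).$((0x$b2)).$((0x$b3)).$((0x$b4))"
}

# Read a table in /proc/net/tcp layout on stdin and print one
# "address:port scope" line per socket in LISTEN state (st column = 0A).
listening_tcp() {
    while read -r sl laddr raddr st junk; do
        [ "$st" = "0A" ] || continue    # skips the header and non-listening sockets
        addr=$(hex_to_ipv4 "${laddr%:*}")
        port=$((0x${laddr#*:}))
        case $addr in
            127.*)   scope=local-only ;;      # reachable only from this machine
            0.0.0.0) scope=all-interfaces ;;  # reachable from every network link
            *)       scope=one-interface ;;
        esac
        echo "$addr:$port $scope"
    done
}

# Constructed sample table (not taken from any real host): sshd on all
# interfaces, lpd on loopback only, and one established outbound connection.
sample_tcp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0203 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00000A:8123 0200000A:0050 01 00000000:00000000 00:00000000 00000000   500        0 1003
EOF
}

sample_tcp_table | listening_tcp
```

On a live system, run `listening_tcp < /proc/net/tcp`; a line marked all-interfaces is a service that accepts connections over the dial-up link as well as locally.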