[TAG] (forw) Re: (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1

Mon Jan 29 03:21:21 MSK 2007

----- Forwarded message from Sindi Keesan <keesan at grex.cyberspace.org> -----

Date: Sun, 28 Jan 2007 13:02:38 -0500 (EST)
From: Sindi Keesan <keesan at grex.cyberspace.org>
To: TAG <tag at lists.linuxgazette.net>
To: Rick Moen <rick at linuxmafia.com>
Subject: Re: [TAG] (forw) Re: (forw) Re: lpr works for user not root in
 Basiclinux 2.1

On Sun, 28 Jan 2007, Rick Moen wrote:

>Quoting Sindi Keesan (keesan at grex.cyberspace.org):
>
>>But if I run chrootkit and it finds nothing, and I am not running any
>>network services when I go online, can I continue as root without
>>worrying?
>
>No.  Your question is a complete and total non-sequitur to what I just
>got through saying, and carrying out online activity as the root user,
>or indeed any activity at all that doesn't require root access, remains
>reckless and ill-advised for reasons that frankly should be obvious --
>completely without regard to whether you're even running network daemons
>at all.

I mentioned a while ago that I had clones of the same linux on several 
computers so I am not concerned about accidentally wiping out files.
And from what various people have told me one cannot hack my system if I 
have no network daemons running and X only has local access and Opera has 
no vulnerabilities.  And chkrootkit found nothing after four years.   So 
it is not obvious.  I am not trying to be intentionally stupid.

>The non-sequitur nature of that question suggests to me that you
>probably are not really heeding what people are saying, in this thread,
>or it seems likely that you would not make such comments.

I don't claim to understand it all.

>>># nmap -vv -sT -sR -O -o N /tmp/nmap-tcp.log -n 157.22.20.227
>>># nmap -vv -sU -sR -O -n -oN /tmp/nmap-udp.log -n 157.22.20.227
>>># nmap -vv -sA -sR -O -n -oN /tmp/nmap-ack.log -n 157.22.20.227
>>
>>You are way beyond me already.
>
>No, I'm certainly not.  For heaven's sake, if you're curious about what
>those options mean, they're detailed right in the manpage.

I don't have enough background to understand 99% of what is in manpages 
starting with the vocabulary, and this one was about 100 pages long.  I 
was rather surprised that I managed to use nmap at all.  I am not a 
computer professional, just don't like MS or GUIs in general and am 
willing to work hard to bypass them.  I found a chapter in Running Linux 
ver 3 about TCP UDP and ACK which I will read.

>>Should I do the same as above but substitute the IP address
>>assigned when I dial the ISP?
>
>You should re-read the explanation of why scanning a host from itself
>would normally be pointless.

I tried to scan from a website and it listed a lot of things that are 
probably at my ISP since I don't have them running here, even though it 
was using my IPLOCAL number.  My linux list members will explain this.

>>I will look for chrootkit.
>
>chkrootkit is a last-gasp but highly fallible attempt to detect security
>disasters after all your real defences and precautions have failed.
>Your biggest problem is that you're going around defeating precautions
>(e.g., insisting on using the root account routinely) and eschewing
>defences.  _That_ is what should be getting your attention.

I understand this is like using f-prot rather than being careful not to 
download viruses in the first place.

Our linux was designed to be used as root.  The author and other users who 
understand security say this is safe in our case.  There is no evidence 
yet in 4 years that this makes it insecure.  It did not come with network 
servers (I added the telnetd in busybox).  And it is a great deal of 
trouble and is more likely to cause problems if I keep changing 
permissions on all sorts of things each time I want to use another program 
as user.

Which is why I asked for help with lpr.

Is this discussion online so other users of our linux can read it and 
comment?

I am grateful for the education and I apologize for my ignorance.

Sindi Keesan

----- End forwarded message -----