[TAG] (forw) Re: (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1

Sindi Keesan keesan at grex.cyberspace.org
Mon Jan 29 06:36:27 MSK 2007 

On Sun, 28 Jan 2007, Rick Moen wrote:

> Quoting Sindi Keesan (keesan at grex.cyberspace.org):
>
> [running routinely as root:]
>
>> So it is not obvious.
>
> Please understand I have nothing particularly to gain from convincing
> you, so basically you're going to have to figure this out on your own.
>
> You might wish to read "Firewalls" on http://linuxmafia.com/kb/Security/,
> which links to the complete 1994 book text of Cheswick & Bellovin's
> classic "Firewalls and Internet Security: Repelling the Wily Hacker",
> first edition, which explains basic principles of security such as why
> you want to always run processes with the minimum possible authority.

Thanks.
>
> [nmap:]
>
>> I don't have enough background to understand 99% of what is in manpages
>> starting with the vocabulary, and this one was about 100 pages long.
>
> _Obviously_ you don't read the whole thing.  Looking up and
> understanding the options I cited would take you all of 15 minutes.

But I don't understand the words they are using to explain the concepts. 
The only computer course I ever took was Fortran IV.  I will try to start 
with some basic reading.  I am not trying to be a system administrator, 
just to put together something I can use myself.

>>> You should re-read the explanation of why scanning a host from itself
>>> would normally be pointless.
>>
>> I tried to scan from a website
>
> That would be pointless for two different reasons:  (1) Results would
> often be inherently meaningless because of port-blocking, proxying,
> etc., between you and the Web site.  (2) You have no control or
> knowledge of how they're implementing their scans, and cannot know
> whether what they're doing is meaningless junk -- as is generally the
> case, with, e.g., Gibson Research's "Shields Up" site, for example.

If I cannot scan from my own computer or while online, how do I scan?

>> Our linux was designed to be used as root.
>
> Which is a bad design, ab initio.  Again, I have nothing to gain from
> convincing you of this.  However, I _can_ avoid wasting my time helping
> you tweak a setup I regard as misbegotten in the first place.
>
>> Is this discussion online so other users of our linux can read it and
>> comment?
>
> Ben would have to explain to you why our mailing list archive isn't
> accessible to the general public, since for the life of me I cannot.

Okay.  If you want to read our discussions of nmap and security bugs 
search on basiclinux archives for Jan 2007.

>
>

Sindi Keesan

More information about the TAG mailing list