Re: A folder of our own...

Jake Hawkes
2003-12-17, 08:34
I like /etc/SlimServer and /usr/local/SlimServer

I would also like to get away from running the server as a user, and instead run it as root.
People probably already do that.

a gentoo package would rock, and I *will* learn how to make one soon :)




=====
Jacob Hawkes, B. Eng (CSE)
jakehawkes2001 (AT) yahoo (DOT) com
http://www.infinitylimited.net/


Andrew Arensburger
2003-12-17, 16:05
On Wed, 17 Dec 2003, Jake Hawkes wrote:
> I would also like to get away from running the server as a user, and
> instead run it as root.

If my opinion counts at all, I strongly vote against this.
Root is omnipotent. Root can format disks, delete security logs,
overwrite kernel memory, read /etc/master.pwd, run untraceable mail and
web forwarders, and provide bogus DNS data to help hide spammers' tracks.
Which of these capabilities does SlimServer require? Why?

Now consider that most of the viruses that plague Windows users do
exactly these things (install mail forwarders, DNS servers, etc.). And a
lot of IE exploits have involved bugs whereby feeding it bogus data (by
visiting a specially-crafted web page, for instance) it can execute
arbitrary data. Why would you want to open that particular can of worms?

One of the things that endeared SlimServer to me was that it
_doesn't_ run as root (heck, I don't even run it as me; it doesn't have
permission to overwrite my MP3 files). So if it contains malicious code,
at least it can't trash my system or set up a server on a privileged port.

I say let's keep it that way.

--
Andrew Arensburger, arensb (AT) ooblick (DOT) com
Actually, these _do_ represent the opinions of ooblick.com!
Generic Tagline V 6.01
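
Added example, not part of any post in this thread and not SlimServer code: a small audit for the setup described in the post above, where the server runs under an account that is neither root nor able to overwrite the music files. The uid values and file names are constructed, and the check assumes classic Unix mode bits only (no ACLs or capabilities).

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Classic Unix mode-bit check (assumption: no ACLs, no capabilities)."""
    if uid == 0:
        return True  # root bypasses permission bits entirely
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(service_uid, service_gids, music_root):
    """Return findings for a service account checked against a media tree."""
    findings = []
    if service_uid == 0:
        findings.append("service runs as root: permission bits give no protection")
    for dirpath, _dirs, files in os.walk(music_root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            # A writable directory counts too: its entries can be replaced.
            if can_write(st, service_uid, service_gids):
                findings.append("writable by service account: " + path)
    return findings

def demo():
    """Constructed tree: one read-only track, one world-writable track."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name, mode in (("track01.mp3", 0o644), ("track02.mp3", 0o666)):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample data")
            os.chmod(path, mode)
        # Hypothetical service uid: different from the owner, never 0.
        service_uid = os.lstat(root).st_uid + 1000
        as_service = [os.path.basename(f.split(": ", 1)[1])
                      for f in audit(service_uid, set(), root)]
        as_root = audit(0, {0}, root)
        return as_service, as_root

if __name__ == "__main__":
    print(demo())
```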

Jack Coates
2003-12-17, 21:28
On Wed, 2003-12-17 at 07:34, Jake Hawkes wrote:
> I like /etc/SlimServer and /usr/local/SlimServer
>
> I would also like to get away from running the server as a user, and instead run it as root.
> People probably already do that.
>

uh, no. Bad idea.
--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...
**********************************************************************
* "So keep that phone out of my way for the things I must say are    *
* empty if you don't believe they're true."                          *
*     -- The Price I Pay from Worker's Playtime by Billy Bragg       *
**********************************************************************

Will McDonald
2003-12-18, 08:49
> > I would also like to get away from running the server as a user, and
> > instead run it as root.

Absolutely and totally not. The general reasons already stated are good
enough, but remember the fact that slimserver runs not one but two
network services. It would be irresponsible in the extreme to ship a
default configuration that exposed users for no reason. If you want to
run your server as root, set user=root in your init script.

--
---------Will McDonald-----------------will (AT) upl (DOT) cs.wisc.edu----------
GPG encrypted mail preferred. Join the web-o-trust! Key ID: F4332B28