MAC OS X tiger help for a Windows technician

Alex Satrapa grail at goldweb.com.au
Thu Jun 14 19:00:34 PDT 2007 

On 15/06/2007, at 06:43 , Karl Kuehn wrote:

> Are you intentionally being rude? Does this really work for you? Do  
> you really think it is appropriate on a public forum? Do you really  
> think it brings the conversation any further?

Dan has just been doing administratorly things for so long that he  
can no longer grasp the concept that some people don't understand  
Unix administration. This lack of comprehension leads to frustration  
when dealing with people whose knowledge domain isn't a full subset  
of his own, and this frustration results in the BOFH attitude which  
Dan has been affecting these last couple of months.

>> If you're concerned that someone other than you will guess your  
>> root password and login then you need to find someone else who be  
>> your security manager b/c you clearly have no clue.
>
> 	Rather than insulting people because they don't agree with you,  
> you could put out reasonable arguments. For example I could point  
> out that most of the SSH scripts (and any other takeover kit) aim  
> at 'root' as one of their dictionary attacks.

The main risk of enabling root login is that it becomes easier for  
remote attackers to log in as root. If root login is not enabled,  
remote attackers first have to log in as a local user, then find a  
locally exploitable privilege escalation vulnerability. The increased  
difficulty is due to having to guess not just the password, but a  
local user name.

You can mitigate this risk by simply not turning on Telnet, and  
configuring SSH to:
  - not allow root logins
  - only allow specific users to log in
  - not allow password logins (you must use a key)
  - do not use administrative accounts for day to day use

(Check http://enterprise.linux.com/article.pl? 
sid=07/03/26/1423232&tid=129 for more on the topic of SSH security)

Another risk of enabling the root login is that it becomes possible  
to trick some applications into launching a root shell. In some cases  
these can be mitigated by disabling the root account: set the  
password field for root to "x" or some such (as per your local  
convention), and give root a shell of /bin/false (noting that the  
password field is where you store the encrypted password, so 'x'  
cannot possibly map to any password).

Yes, there are risks involved with enabling root logins on any  
system. Once you can identify the risks, you can take steps to  
mitigate the risk. However, since I know that I don't know all the  
risks I choose to not enable root logins. It isn't really that hard  
to type "sudo zsh".

Alex

More information about the MacOSX-admin mailing list