Is enabling su a security risk?...rhetorical question

For discussions about security.
Post Reply
Message
Author
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

Is enabling su a security risk?...rhetorical question

#1 Post by s243a »

On criticism that puppylinux gets regarding security is that everything runs as root.

However, nothing is stopping one on puppylinux from running applications as spot. For instance I start freenet with the following command:

Code: Select all

nohup su -c "sh run.sh start" spot& 
recently, I was trying to get ssh working fatdog64 (see thread) and since the default pasword wasn't working I tried to see if I could change the password with the passwd command.

This worked but I noticed that I was now able to use the su command to gain root access while using spot. I think that this ability might have been disabled by default (or perhaps I changed my password and don't remember). Needless to say that if spot can gain root access then I should probably pick a different password then the default, otherwise any application that knows puppylinuxes default password could in theory gain root access.

I recall Bary saying before that su and sudo partly defeat the purposes of having less privileged users. Perhaps this is what he meant by it.

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#2 Post by Lobster »

Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Post Reply