Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: PokeyJoe

Surely it's not that simple.

You would normally su to root to install the software. While unzipping and untarring the executables wouldn't do anything, they probably contain executables will be owned by root and can therefore run as root if the suid bit is turned on.

So even if you're browsing the web as Joe Blow, you might not be safe.

Of course, most savvy Unix SAs install things like web servers under an account like 'nobody' that is deliberately designed to have no privileges at all. But many would unthinkingly su to root to install client software on workstation machines.


25 posted on 09/21/2005 9:08:22 AM PDT by proxy_user
[ Post Reply | Private Reply | To 21 | View Replies ]

To: proxy_user; PokeyJoe
Correct me if I'm wrong, but doesn't apt normally run as root?
28 posted on 09/21/2005 10:22:36 AM PDT by general_re ("Frantic orthodoxy is never rooted in faith, but in doubt." - Reinhold Niebuhr)
[ Post Reply | Private Reply | To 25 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson