Re: root to ahab?

To: "Aaron J. Grier" <agrier%poofygoof.com@localhost>
Subject: Re: root to ahab?
From: "Steven M. Bellovin" <smb%cs.columbia.edu@localhost>
Date: Mon, 20 Jul 2009 12:39:44 -0400

On Mon, 20 Jul 2009 09:25:02 -0700
"Aaron J. Grier" <agrier%poofygoof.com@localhost> wrote:

> On Mon, Jul 20, 2009 at 06:17:17PM +0200, Nino on NetBSD 4.0 wrote:
> > usermod -l ahab root
> > 
> > ... and it worked. - Frankly speaking, I saw no change at all, only
> > that root was now ahab. Is this a good idea? - I mean, if someone
> > attacks your system from the outside, he would this way not even
> > know which account he wants; you could infact install a totally
> > harmless user named "root", not even member of wheel, and thus
> > guide everyone into it. I am not very well-versed in these matters,
> > it was just a funny idea... but if it is a bad one, please tell me.
> 
> I'll let Dr. Bellovin comment on the security implications, but I
> would expect some scripts (installation, nightly maintenance runs) to
> start falling apart, since they assume the "root" account exists.

That one will require some thought, but offhand I don't see any
weaknesses.
> 
> let us know what you find.
> 

Definite problems -- a quick grep shows several scripts in rc.d that
assume root (ipfs, cleartmp, perusertmp, motd, maybe others).

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

References:
- root to ahab?
  - From: Nino on NetBSD 4.0
- Re: root to ahab?
  - From: Aaron J. Grier

Prev by Date: Re: root to ahab?
Next by Date: Re: mt remote operation not working
Previous by Thread: Re: root to ahab?
Next by Thread: HELP! with config <config file>
Indexes:

Home | Main Index | Thread Index | Old Index