Root me!

Aug. 31st, 2000 08:09 pm
[personal profile] alexpgp
  Root me! Root me!
  They oughta take a gun and shoot me
  Piss-poor security
  Feeds vulnerability,

       (with apologies to Roger Miller)

A long, long time ago (and here, I'll stop and consciously not try to get cute with the lyrics to American Pie)... Let me start again...

A couple of years ago, someone not only rooted my trusty 486 SX box running RedHat Linux 4.2, but announced the accomplishment by issuing the `rm -fr *' command from the root directory. For those not up to speed in the language of Unix (or its sibling Linux, or - as is commonly written - *nix, signifying the family of Unix-like operating systems), the command `rm -fr *' instructs the operating system to erase every file in the current directory and all directories in the current directory, recursively (in other words: erase every file on the machine). The `root' account on a *nix system is the account that can do anything and everything on the system (basically ignoring all permission settings on files). The `root' account is the `superuser', the Boss, the Head Enchilada, the Big Kahuna. There are those who suggest that an acceptable alternative spelling of `root' is `G-o-d'.

The use of the word `root' as a verb signifies the act of breaking into a *nix system and gaining the privileges of the root user. Think of a kid who manages to break into a candy store while the owner's not looking and raise that to the third power.

The concept of a system root account is hard for most Windows users to grasp, since people who work on Windows boxes are accustomed to being able to do anything and everything on their machines at any time. Windows machines are, after all, intended to be used by one person (or at least, one at a time); *nix systems are pretty much universally designed to be multi-user machines. Both the idea of a `root' superuser on a system and of having multiple users share a desktop PC were, frankly, hard for me to grasp, precisely because I'd come up in the one-CPU-one-user world of the Osborne 1, VIC-20, Commodore 64, and other personal computers too numerous to mention. If I wanted to install a program on my Linux box, I couldn't...at least not as my humble self. I had to log in as `root' to get the job done.

It seems like a damn bother, until the first time it saves you from doing something stupid. As `root', typing `rm -fr *' from the root directory erases the hard drive. Any other merely mortal user of the system attempting the same thing gets the computer equivalent of a fruity raspberry and a bunch of messages to the effect of: "You aren't allowed to do that." It is this feature, for example, that limits the effectiveness of viruses in *nix environments, unless users routinely do everything as `root'.

But I digress, big time...

A couple of days ago, I found a couple of extra, unwelcome accounts on my 486 system, one of which shared user number 0 with the `root' account, effectively giving that person `root' privileges. I do not know how the individual broke in, but I have made copious notes regarding the changes I have been able to identify on the system. There is, however, no reasonable way to be sure that whoever did this deed didn't subvert other parts of the system. There is a remote possibility, too, that whoever broke into my 486 box also poked around in some of the other machines on my home network, and that's something I'll have to consider separately. In any event, the only practical alternative to assure `safe' computing with this system is to reformat and reinstall the system from scratch.

Wish me luck. Hopefully, I'll be back within hours.

Cheers...

rm -fr *

Date: 2000-09-01 12:28 am (UTC)
From: [identity profile] ex-sanssouci422.livejournal.com
I'm really sorry to hear that "you got owned" as they say in hacker parlance. I hope you get everything straightened out fast.

Great song snippet, btw :)

Re: rm -fr *

Date: 2000-09-01 06:06 am (UTC)
From: [identity profile] alexpgp.livejournal.com
I progressed far last night, thanks.

At least this second incident is leaving me some breathing room, which I did not have the first time. Also, once I'm back up, I'll undoubtedly have to spend time reinforcing the defenses I put in place after the first incident.

Cheers...
