Author: Benjamin D. Thomas
Lynx, phpMyAdmin, AbiWord, netpbm, gdb, xloadimage, and openldap. The distributors
include Debian, Gentoo, and Red Hat.Local User Security
Dave Wreski
Getting access to a local user account is one of the first things that system
intruders attempt while on their way to exploiting the root account. With lax
local security, they can then “upgrade” their normal user access to root access
using a variety of bugs and poorly setup local services. If you make sure your
local security is tight, then the intruder will have another hurdle to jump.
Local users can also cause a lot of havoc with your system even
(especially) if they really are who they say they are. Providing accounts
to people you don’t know or for whom you have no contact information is
a very bad idea.
You should make sure you provide user accounts with only the minimal
requirements for the task they need to do. If you provide your son
(age 10) with an account, you might want him to only have access to a
word processor or drawing program, but be unable to delete data that
is not his.
Several good rules of thumb when allowing other people legitimate
access to your Linux machine:
- Give them the minimal amount of privileges they need.
- Be aware when/where they login from, or should be logging in from.
- Make sure you remove inactive accounts, which you can determine
by using the ‘last’ command and/or checking log files for any
activity by the user. - The use of the same userid on all computers and networks is
advisable to ease account maintenance, and permits easier analysis
of log data. - The creation of group user-id’s should be absolutely prohibited.
User accounts also provide accountability, and this is not possible
with group accounts.
Many local user accounts that are used in security compromises have not
been used in months or years. Since no one is using them they, provide the
ideal attack vehicle.
Read more from the Linux Security Howto:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/
Debian | ||
Debian: New Ruby 1.8 packages fix safety bypass |
||
13th, October, 2005
|
||
Debian: New hylafax packages fix insecure temporary files |
||
13th, October, 2005
|
||
Debian: New Mozilla packages fix several vulnerabilities |
||
20th, October, 2005
|
||
Debian: New module-assistant package fixes insecure temporary file |
||
20th, October, 2005
|
||
Gentoo | ||
Gentoo: KOffice, KWord RTF import buffer overflow |
||
14th, October, 2005
|
||
Gentoo: SPE Insecure file permissions | ||
15th, October, 2005
|
||
Gentoo: Perl, Qt-UnixODBC, CMake RUNPATH issues |
||
17th, October, 2005
|
||
Gentoo: Lynx Buffer overflow in NNTP processing |
||
17th, October, 2005
|
||
Gentoo: phpMyAdmin Local file inclusion vulnerability |
||
17th, October, 2005
|
||
Gentoo: AbiWord New RTF import buffer overflows |
||
20th, October, 2005
|
||
Gentoo: Netpbm Buffer overflow in pnmtopng | ||
20th, October, 2005
|
||
Red Hat |
||
RedHat: Moderate: openldap and nss_ldap security update |
||
17th, October, 2005
|
||
RedHat: Moderate: openldap and nss_ldap security update |
||
17th, October, 2005
|
||
RedHat: Critical: lynx security update | ||
17th, October, 2005
|
||
RedHat: Moderate: netpbm security update | ||
18th, October, 2005
|
||
RedHat: Low: gdb security update | ||
18th, October, 2005
|
||
RedHat: Low: xloadimage security update | ||
18th, October, 2005
|
||