Security Changes For Fedora 9

Kevin Fenzi kevin at tummy.com
Sat Jan 5 21:57:44 UTC 2008


On Fri, 4 Jan 2008 17:55:49 -0800 (PST)
riley.marquis at tcsresearch.org wrote:

> It appears as if I have fallen behind the times in terms of Linux
> security. I apologize for not keeping up. =)

No worries. ;) 
> 
> I'd like to take a moment to ask a few questions so that I can better
> understand the reasoning behind certain changes being a bad idea, and
> thus become more knowledgeable.
> 
> 2: /etc/ssh/sshd_config change
> In regards to changing PermitRootLogin to no, we'd obviously need a
> regular user account to login to, then su to root. Thus, even one who
> has the root account and password would need a regular user name and
> password before the root account would do him any good.  However,
> perhaps there is a downside to this as well?  Or perhaps we don't
> change any defaults from upstream OpenSSH unless absolutely
> necessary?  I'm sure there are those who want to login as root, and
> those who don't.  Just curious about the reasoning...

Well, as you say, you need to make sure we force the user to make a
regular account first; currently that's not being done. You can do a new
install and not create a user account.

I find root ssh login handy for a number of reasons: 
- You can have some family member or friend who trusts you to fix their
linux install allow your ssh key to login as root, then you never need
to know any passwords on their system or have a useless normal account
there. 

- It's nice to be able to do for automated tasks (like say installing a
single new package on 20 machines without having to login and sudo on
each). 

I wouldn't be opposed to disabling it if it was possible to re-enable
for folks who wanted it and we made sure there was always a way to get
in via a user account. We just basically need to make sure everything
is in place before doing anything like disabling root logins. 
> 
> In regards to the GCC lockdowns, it was my understanding that
> sometimes hackers use our own compilers against us by logging in as a
> normal user, using gcc to build their hacktools, and then using the
> built tools to compromise root.  Is this something that is no longer
> done?  Just curious.

Sure, but disabling compiling for all the legit users is a bit like
throwing out the baby with the bathwater.

> 
> Thanks in advance!
> Riley

kevin
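As an added illustration of the sshd_config setting the thread discusses (this is not part of Kevin's message or of any Fedora or OpenSSH code), the following Python check reads an sshd_config fragment and reports the effective PermitRootLogin value, honouring sshd's rule that the first occurrence of a keyword wins and that lines after a Match block are conditional. The default it assumes when the keyword is absent is passed as a parameter, because it differs between OpenSSH versions; "without-password" is the value that keeps key-only root login (the use case Kevin describes) while refusing root passwords.

```python
import re

# Values OpenSSH accepts for PermitRootLogin and what each means for a
# defender. "without-password" is the older spelling of "prohibit-password":
# key-based root login stays possible, password login as root does not.
MEANING = {
    "no": "root login disabled",
    "without-password": "root login by key only",
    "prohibit-password": "root login by key only",
    "forced-commands-only": "root login by key only, forced commands only",
    "yes": "root login with password permitted",
}

# Keywords are alphabetic and case-insensitive; the value may follow
# whitespace or "=".
LINE_RE = re.compile(r"^([A-Za-z]+)\s*=?\s*(.*)$")


def parse_sshd_config(text):
    """Return (global_settings, match_settings): lower-cased keyword -> first
    value seen. sshd ignores later duplicates, and everything after a Match
    line applies only conditionally, so it is kept apart."""
    global_settings, match_settings = {}, {}
    target = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            target = match_settings
            continue
        target.setdefault(key, value)  # first occurrence wins
    return global_settings, match_settings


def root_login_status(text, default="yes"):
    """Describe the effective global PermitRootLogin value. `default` is an
    assumption used when the keyword is absent (version-dependent)."""
    global_settings, _ = parse_sshd_config(text)
    value = global_settings.get("permitrootlogin", default).lower()
    return MEANING.get(value, f"unrecognised value: {value}")


# Constructed sample: "PermitRootLogin no" was appended to a file that
# already set it, so sshd silently keeps the earlier "yes".
SAMPLE = """Port 22
PermitRootLogin yes
# hardening added later; ignored because of the line above
PermitRootLogin no
"""
```

Running `root_login_status(SAMPLE)` on the constructed sample reports that password root login is still permitted, which is the kind of silent misconfiguration this check is meant to surface.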
