[NTLUG:Discuss] Three unrelated questions
Burton Strauss
Burton_Strauss at comcast.net
Fri Jun 24 07:53:49 CDT 2005
-----Original Message-----
From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org] On Behalf
Of Leroy Tennison
Sent: Thursday, June 23, 2005 10:44 PM
To: NTLUG Discussion List
Subject: Re: [NTLUG:Discuss] Three unrelated questions
<snip />
>Thanks for the answers, I appreciate it. Do you know what makes 'root'
>special (regardless of its name?)

Sure, let me show you some (edited) code - (Don't shoot, I didn't write it,
but it's a tool I help maintain...)

    /*
     * Must start run as root since opening a network interface
     * in promiscuous mode is a privileged operation.
     * Verify we're running as root, unless we are reading data from a file
     */
    if ((myGlobals.runningPref.disablePromiscuousMode != 1) &&
        getuid() /* We're not root */) {
      ...
      traceEvent(CONST_TRACE_WARNING, "You need root capabilities to capture network packets.");
      if(strcmp(pw->pw_passwd, "x") == 0) {
    #ifdef HAVE_SHADOW_H
        /* Use shadow passwords */
        struct spwd *spw;
        spw = getspnam("root");
        ...
    #else
        ...
    #endif
      } else
        correct = pw->pw_passwd;
      theRootPw = getpass("Please enter the root password: ");
      encrypted = crypt(theRootPw, correct);
      ...

We specifically say 'root' as in "Please enter the root password". That's
what makes root special - it's a name people recognize. But that's just
typing. The RIGHT way would be to scan /etc/passwd looking for UID 0, then
use THAT name.

You may also notice the getspnam("root") call. That's a little trickier, as
the lookup IS by name. But the same lookup for the text lines could be done
here.

But that's just security by obscurity and since it's not ever that obscure,
it's rarely recommended. There's just no reason to rename 'root'.

Later on it gets worse, as we go looking for a low privileged user to try.
That's much harder w/o making assumptions about specific names (vs. uid #s),
as the privilege 'database' doesn't exist - it's really a question of
whether UID n / GID m has read (or read/write) access to sensitive files...:

    /*
      The user has not specified the uid using the -u flag.
      We try to locate a user with no privileges
    */
    if(!userSpecified) {
      struct passwd *pw = NULL;
      if(getuid() == 0) {
        /* We're root */
        char *user;
        pw = getpwnam(user = "nobody");
        if(pw == NULL) pw = getpwnam(user = "anonymous");
        ...

-----Burton