Wednesday, September 8, 2010

Running as root !?

Ok so a lot of you people like using Backtrack, and now that it's Debian-based and it is possible to use it as a daily OS, things have changed a bit.

Now as you know there are a few guides on how to make an unprivileged user in Backtrack.
Unprivileged user in BT
Normally it's good to make an unprivileged user, but I must remind you that Backtrack is not a normal OS: most of its applications must be run as root. It was basically made to run as root and nothing else.
If you ask people if it's OK to run as root, you will get an answer similar to this one: "It's not safe to run as root!" But did anyone tell you why? Or when it is safe to run as root?

I'm going to try to clarify the risks and all that stuff regarding "Running as root".
Keep in mind that what I am saying here applies to normal desktop PCs or laptops, not servers ...

Ok so let's begin:

Running as root has a bright side as well as a dark side:


As you know, the "root" account on a *nix system is the most privileged account. This account allows you to do anything you want, like changing passwords, installing applications, adding accounts, etc., without being asked questions. The computer does not hassle you with confirmations and questions because it thinks you know what you are doing ... so if you don't, log out now!
This is a good thing because you don't have to type sudo for everything, which gets annoying after a while.


Now a lot of people are afraid to run as root because they might break something ... and this is true: if you run as root and have no clue about what you are doing, you might end up with 3 reinstalls per day.
Running as root is not for everyone; you need some advanced skills in using bash plus some advanced knowledge about *nix. Oh, and if you can't play in bash without typing "rm -rf /*" every 20 seconds, then close this window and stop reading for your own safety.

So, bottom line: if you are not sure you can handle it and don't want to accidentally lose your important data or stuff, don't run as root.

Another thing about running as root: people often say that you should not run as root for security reasons, and this is also true. If an attacker gets hold of your system he will be root and he could do anything with your PC. But now I ask you ... how many services do you need running 24/7 on your home PC/laptop?
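To answer that question for your own box, here is an added example (not part of the original post) that reads a table in the kernel's /proc/net/tcp format and prints the ports where a root-owned service is listening on a non-loopback address. The sample table and the function name `root_listeners` are constructed for illustration; it assumes IPv4 and a little-endian machine.

```sh
#!/bin/sh
# Added example: list TCP ports where a root-owned service is listening
# on a non-loopback address. Input is the text of /proc/net/tcp (IPv4).

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333
   3: 0A00000A:0016 0500000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444
   4: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 55555'

# Reads the table on stdin, writes one decimal port per line.
root_listeners() {
    while read -r _sl laddr _raddr state _queues _timer _retr uid _rest; do
        [ "$state" = "0A" ] || continue      # 0A = LISTEN; also skips the header
        [ "$uid" = "0" ] || continue         # only sockets owned by root
        case "${laddr%:*}" in
            *7F) continue ;;                 # 127.x.x.x in little-endian hex
        esac
        echo "$((0x${laddr#*:}))"            # port is hex, e.g. 0016 -> 22
    done
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_PROC_NET_TCP" | root_listeners
# On a real machine: root_listeners < /proc/net/tcp
```

Every port it prints is a service that hands an attacker root if it gets exploited, so the shorter the list, the better.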

Sure, there are other ways of getting access to your system. For example, if you are in a LAN with others, they could try a MITM and maybe sniff your credentials, but there are programs to protect you from these kinds of attacks; you can even use ettercap for this, or arpwatch. I'm sure if you google these things you will come up with something.
Other methods would be to set up an ev!l server with metasploit or SET and trick you into clicking it, or send an email with some malicious .pdf, or I don't know. Now, if you know you would click every link people give you and read every attachment in your email without scanning it ... close the window NOW!

Now these are some of the security risks that you need to be aware of when running as root.
Oh, and one last thing: don't think that if you're not running as root you are completely bulletproof!
