Page 1 of 6 123 ... LastLast
Results 1 to 10 of 51

Thread: Question about Linux security. I found something strange.

  1. #1

    Default Question about Linux security. I found something strange.

    Hi,

    question about Linux' safety:

    Our IT manager and I (Linux beginner) had a discussion in our company about how to keep employees from running programs they bring on USB sticks into the company.
    He said it's cumbersome to prevent that under Windows XP, which we use.
    My system is an openSUSE 11.4. (only one in the company. I wanted it.). I said Linux should be better equipped to guarantee a save system.

    As proof of that I wanted to download a Linux program and show that it does not run without root allowing it to.

    I downloaded an installation program shell scrip for some program (something like install.sh).
    The strange thing though was, that I could run it WITHOUT setting the is executable flag as a regular user. It ran just like that and installed whatever it wanted to install.
    Not safe, it seems.

    I opened Dolphin and saw the flag was not set for this install.sh (under "Permissions"). So I set it. Then I reset the flag to not set = "is not executable". Only now I was unable to run that script. Strange.

    If there anything I overlooked?
    Can you really run install programs under Linux w/o being root? In that not unsafe?
    How do you prevent that?

    Thanks for your help (and please forgive me for this probably idiotic question).

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Question about Linux security. I found something strange.

    You are wrong. Users can always install and execute programs in directories they have write permission on. Maybe they have to change the permissions, but that is also allowed. In any case a shell script can always be run with sh script.sh.

    What a user cannot do is write on files or directories they do not have permissions for. Thus the system prevents users from endangering other users files (provided those users are wise enough to not trust other users). It does not prevent users from executing their own programs.

  3. #3
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: Question about Linux security. I found something strange.

    the stick you 'installed' from is fat (right?) and if you looked at it
    in a command line program like mc, you would have seen that everything
    looks executable to a fat file system..

    but, if you execute a script as yourslef, it will 'install' in your
    /home, and NOT into the system...because it can't write to the system
    directories without root powers..

    see, as a user you are allowed to install anything you wish into *your*
    home space...you just are not allowed to mess up the system...see?

    hint for next time: dry run your examples before you try to convince
    'the boss' how much better FOSS is...he will be hard to convince even if
    your presentation is air tight...and, VERY hard to get to pay attention
    if you fail....i mean, most bosses think super-rich Bill *must* be
    right! right?

    --
    CAVEAT: http://is.gd/bpoMD
    [openSUSE 11.3 + KDE4.5.5 + Thunderbird3.1.8 via NNTP]
    A Penguin Being Tickled - http://www.youtube.com/watch?v=0GILA0rrR6w

  4. #4

    Default Re: Question about Linux security. I found something strange.

    Too bad. Since I am sitting in a network with read access to other user's directories, a hostile script that I run (maybe by mistake or malicious intent...) could read everything in their directories. Not write, but read, but that's bad enough. That script could also change stuff in my home. Is there no way to protect stupid users from doing this?

  5. #5
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Question about Linux security. I found something strange.

    Don't give stupid users login accounts.

  6. #6

    Default Re: Question about Linux security. I found something strange.

    Funny, but not doable. 80% of office workers are stupid - in this respect.

  7. #7
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    11,998
    Blog Entries
    3

    Default Re: Question about Linux security. I found something strange.

    Quote Originally Posted by ken_yap View Post
    Don't give stupid users login accounts.
    What would be the point of installing linux, if I can't give myself a login account?
    openSUSE Leap 15.1; KDE Plasma 5;

  8. #8
    Join Date
    Nov 2010
    Location
    Damanhour-North-Egypt
    Posts
    90

    Default Re: Question about Linux security. I found something strange.

    Ill agree with ken_yap

    the different between Linux and windows in security and access control is

    windows xp-vista-7 will try to protect files or dirs stored at c : \ or where ever you keep the system files

    but Linux will protect any files or dirs created / owned by user A from being accessed or edited by user B

  9. #9
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Question about Linux security. I found something strange.

    You are always allowed to shoot yourself in the foot on your own machine , but for a shared machine, there has to be some responsibility. I mean would you let this kind of person on your system:

    Code:
    cd
    nano supersecretdepartmentplans.doc
    chmod a+r supersecretdepartmentplans.doc
    chmod a+rx $HOME
    or the equivalent using the GUI?

    Personal machines may be a waste of CPU cycles, but at least most people have a vague notion of physical security whereas Linux permissions can be abstract to them.

  10. #10
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    11,998
    Blog Entries
    3

    Default Re: Question about Linux security. I found something strange.

    Quote Originally Posted by uwekremmin View Post
    Since I am sitting in a network with read access to other user's directories, a hostile script that I run (maybe by mistake or malicious intent...) could read everything in their directories.
    I'm not sure why you think that a problem.

    I normally leave things readable by all. I have some subdirectories that are not publicly readable, and I put some private stuff there. And some other private stuff is encrypted.
    openSUSE Leap 15.1; KDE Plasma 5;

Page 1 of 6 123 ... LastLast

Similar Threads

  1. Strange Flash-player behaviour - Security concern?
    By Solar_Granulation in forum Multimedia
    Replies: 0
    Last Post: 19-Mar-2010, 05:53
  2. My Question is security
    By Suse-Beginner in forum Install/Boot/Login
    Replies: 3
    Last Post: 06-Apr-2009, 20:43
  3. Strange Question About Recent Install
    By InkedParrot in forum Install/Boot/Login
    Replies: 2
    Last Post: 14-Oct-2008, 18:35

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •