newbs are dangerous
10 posts
• Page 1 of 1
newbs are dangerous
by worker201 » Sat Jul 30, 2005 3:34 am
I was at another Linux forum, trying to help some people out. There was a kid on there who couldn't write his fstab, even though he thought he was root. More than likely, he wasn't actually root. But some other kid told him to change the permissions on fstab to 777! Fortunately, I was able to step in and tell the kid not to do that. I hope I wasn't too late. I learned the hard way that you have to get used to dealing with permissions, even though they seem to be a hassle sometimes.
- worker201
- guru
- Posts: 668
- Joined: Sun Jun 13, 2004 6:38 pm
- Location: Hawaii
by Void Main » Sat Jul 30, 2005 7:28 am
You know what's worse than that? When "professional" software companies do the same thing. It actually pisses me off when I see this from people who should know better. Believe me, this happens more often than not. I manage a software package that we paid a few hundred thousand dollars for and the server portion runs on Red Hat ES. When you install it the entire directory structure it installs under is 777. All upgrades/patches install with 777.
There was another similar package that we were trying out that we were having trouble getting to run. Support told me to "chmod -R 777 /opt/theirbasedir". "incompetent morons" came to mind in both cases. I actually told the support guys that I just wasn't going to do that. I felt like telling them they should be ashamed of themselves and that we weren't running this stuff on "Windows" for a reason, namely security.
Yeah, this one really bugs me if you can't tell. It's very amateur.
There was another similar package that we were trying out that we were having trouble getting to run. Support told me to "chmod -R 777 /opt/theirbasedir". "incompetent morons" came to mind in both cases. I actually told the support guys that I just wasn't going to do that. I felt like telling them they should be ashamed of themselves and that we weren't running this stuff on "Windows" for a reason, namely security.
Yeah, this one really bugs me if you can't tell. It's very amateur.
-
Void Main - Site Admin
- Posts: 5705
- Joined: Wed Jan 08, 2003 5:24 am
- Location: Tuxville, USA
by Calum » Sat Jul 30, 2005 3:41 pm
morons.
i'm hardly a linux guru but that's just *really* thick.
next they will be telling you it's best to use the windows 95 version of their product.
it's simple laziness on the part of the software vendor in my opinion.
i'm hardly a linux guru but that's just *really* thick.
next they will be telling you it's best to use the windows 95 version of their product.
it's simple laziness on the part of the software vendor in my opinion.
-
Calum - guru
- Posts: 1343
- Joined: Fri Jan 10, 2003 11:32 am
- Location: Bonny Scotland
by caveman » Sat Jul 30, 2005 4:21 pm
Touche. One of by really pet hates with *nix "professionals".
Few years ago I managed a system running on a Sun box,
and the database permissions gave problems - so they changed everything
to 777. I bitched and moaned, and was told to go far away (and I was sort
of the DBA etc.) So I left.
Some months later (and me gone) one of the "clever" guys deleted the
database while jumping down links (as a normal user)... ROTFL!
Another time they changed the permissions in /etc and /sbin... Man that
was chaos, the screens stopped working, background jobs refused to start
without terminals, etc. etc. etc. because the SUID and sticky bits was removed.. We eventually ended up running on the backup machine while
re-installing the operating system on the main box.
(On AIX - removing the sticky bit can create really BIG problems that take
a long time to figure out what is wrong)
I really cannot understand why people still do that - even in big corporations,
and then just smile when you talk about it. They are usually more concerned
about access into the building and "secure" areas than real security
on/inside the computers.
Few years ago I managed a system running on a Sun box,
and the database permissions gave problems - so they changed everything
to 777. I bitched and moaned, and was told to go far away (and I was sort
of the DBA etc.) So I left.
Some months later (and me gone) one of the "clever" guys deleted the
database while jumping down links (as a normal user)... ROTFL!
Another time they changed the permissions in /etc and /sbin... Man that
was chaos, the screens stopped working, background jobs refused to start
without terminals, etc. etc. etc. because the SUID and sticky bits was removed.. We eventually ended up running on the backup machine while
re-installing the operating system on the main box.
(On AIX - removing the sticky bit can create really BIG problems that take
a long time to figure out what is wrong)
I really cannot understand why people still do that - even in big corporations,
and then just smile when you talk about it. They are usually more concerned
about access into the building and "secure" areas than real security
on/inside the computers.
- caveman
- programmer
- Posts: 130
- Joined: Sun Feb 09, 2003 1:08 pm
- Location: Midrand Gauteng, South Africa
by Calum » Mon Aug 01, 2005 1:26 pm
the most recent desktop machines that we deploy to the lusers at work actually have a little lock on the actual PC case! how useless is that? especially since they a) have nothing worth nicking inside and b) if you wanted the hard drive out of it, 10 seconds with a butter knife on one of the side panels would get it open (with a bit of damage of course). add to this the fact that the users are BOUND to lose the keys the instant they get their grubby little mitts on them and you have a complete security nightmare.
oh yes, and they all get deployed with windows xp on them!
oh yes, and they all get deployed with windows xp on them!
-
Calum - guru
- Posts: 1343
- Joined: Fri Jan 10, 2003 11:32 am
- Location: Bonny Scotland
by worker201 » Mon Aug 01, 2005 1:49 pm
Void Main wrote:Maybe they are trying to lock the viruses inside so they can't spread.
Sigh. If only it were that easy! Unfortunately, Windows comes with an agent that goes out onto the network and actually looks for viruses, and downloads them to your computer. It's called IE.
- worker201
- guru
- Posts: 668
- Joined: Sun Jun 13, 2004 6:38 pm
- Location: Hawaii
by Calum » Thu Aug 04, 2005 7:13 am
don't worry, we have a whole department dedicated to updating all PCs on the network with the relevant virus patches. sometimes they deploy them as quickly as two weeks after the virus is initially discovered!!!!! 
-
Calum - guru
- Posts: 1343
- Joined: Fri Jan 10, 2003 11:32 am
- Location: Bonny Scotland
by Void Main » Fri Aug 05, 2005 11:23 am
Another example of the joys of IE and Windows (see Email Ploy):
http://isc.sans.org/diary.php?date=2005-08-04
http://isc.sans.org/diary.php?date=2005-08-04
-
Void Main - Site Admin
- Posts: 5705
- Joined: Wed Jan 08, 2003 5:24 am
- Location: Tuxville, USA
10 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest