ppetit wrote:
I would like to know how it is possible for someone to take over my machine, because I am running as root, and in a way that would not work if I were not running as root. I need to be convinced it's possible, and that includes details.
I will attempt to clarify this for you to a certain extent. I will not however, turn this thread into a how-to for taking a computer. If what I say to you is not sufficient to convince you, so be it. I don't need for you to believe me enough to give specific instructions and workable code.
First you need to understand that when you are running in X as root every GUI program you run is run as root. Let's take the browser for an example. You are surfing the net and click on a link labeled pictures. One of these pictures redirects the browser to save a small file to /init d. instead of the browser catch. Since the browser is running as root the system dutifully complies without warning or complaint. The file is saved as a root file with execute privileges. The next time you start the computer /init d. runs as is normal, executing the rogue file. This rogue file opens a port and broadcasts the current IP to an IRC channel bot. The bot then sends whatever code it chooses to your machine, sets it to root and execute, unknown to you. The rest is history, as they say.
Had the browser not been running as root, any file downloaded could not be saved anywhere but in the non-execuatable catch. Also, the execute bit could not be set because only root can do that.
The above is only one of many ways you can get into trouble running X as root. Most of the time you will not even know that you are owned. That is the whole point. To have a fully functioning box under your direct control. Breaking your box would defeat the whole purpose of taking it in the first place.
But you may not be aware that there are a large number of people who believe that, while it was once a problem, it no longer is, and there is no longer any need for the home computer user to avoid running as root.
This is back asswards, so-to-speak. The exploits of today are much more sophisticated and widespread than they were in the past. To say that there is less risk now than there has been in the past is just plain wrong headed. The vast majority of the computers that make up bot-nets are individual home computers. Yes, 99% of them are Windows boxes, but that is only because they are more common and easier to break into. All that will change as Linux becomes more and more popular and new users insist on running in root.
I hope this was somewhat enlightening.
Fred