Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Free root returns

By kaworu in MLP
Thu Jan 04, 2001 at 01:10:27 PM EST
Tags: etc (all tags)
/etc

If you havn't already heard about Openroot, Openroot is a box on my network where I give root access to everyone. People can learn, experiment, or do whatever they want.


Openroot has been running for six weeks, the first two weeks of Openroots' run were horrible. It ran on OpenBSD< and could not withstand any attacks from kiddies. Then, I shut it down for a week, and it re-opened around three weeks ago, running in a Jail (under FreeBSD 5.0) It has hardly any downtime, and has been a help for many people wishing to learn the Unix operating system.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
Is Openroot worth it?
o Yes 45%
o No 11%
o I like to rm -rf / 1%
o while (1) { fork(); } 22%
o W00713 3y3 g0t r3wt 6%
o I r00t3d s3kt7.0rg 1%
o 0WNED B4BY 4%
o I love kaworu 6%

Votes: 62
Results | Other Polls

Related Links
o Openroot
o Also by kaworu


Display: Sort:
Free root returns | 8 comments (8 topical, editorial, 0 hidden)
*bows to kaworu* (none / 0) (#1)
by Cironian on Thu Jan 04, 2001 at 11:50:34 AM EST

I think many people, especially Unix-Newbies, will find it useful to have a box where they can try out those scary root commands without trashing their valuable data. I know I will point the people I teach to use Unix that way from now on. Thank you!!!

(I wish you not too too much trouble with the l33t crowd - I'd hate to see this go away)

Wonderful (none / 0) (#2)
by slaytanic killer on Thu Jan 04, 2001 at 12:37:44 PM EST

Awesome. You might wish to change the colorscheme on the OpenRoot homepage (the black and white are not very nice on the eyes) but otherwise, I salute you.

Oh, come on... (2.83 / 6) (#3)
by trhurler on Thu Jan 04, 2001 at 01:09:30 PM EST

Perhaps you shouldn't diss OpenBSD, since it seems likely that I can take your machine over in a matter of hours. First off, is that filesystem you've used for the jail mounted so that I can't create devices? If not, I can create a virtual memory dev node and then you lose. If so, have you prevented me from mounting the proc filesystem? If not, then given that I have root, you lose. If you have done that, then have you prevented me from running all the system calls that might get me out of the jail? Have you given this careful thought, because it is a lot trickier than you probably think?

I'm not saying your results haven't been better since you jailed the system. What I'm saying is, you should be happy and go on about your business, looking for ways to continue improving your setup, instead of trash talking about operating systems you apparently don't really know all that well anyway. The only thing that is really going to make what you're doing secure is mandatory access controls, and no free system has them right now except possibly the NSA's Linux system, which is still in the testing and prototype stage. Even that won't protect you from the host of programming errors that are endemic to the BSD and GNU codebases, which have largely been ferreted out in OpenBSD, and which have been half-ass hunted for and a few here and there fixed in FreeBSD. FreeBSD has some very good things, and is a cool system, but knocking OpenBSD on security related matters when you don't even seem to know what you're doing is pretty uncool.

--
'God dammit, your posts make me hard.' --LilDebbie

First of all (4.00 / 1) (#5)
by retinaburn on Thu Jan 04, 2001 at 02:13:59 PM EST

He didn't "diss" OpenBSD he said it couldn't withstand the attacks from the kiddies. Which means that it was too envolved to figure out how to make it more stable. So instead he switched distro's (not to be meant as a personal attack on anyone using any other distro) and ran Jail which he found easier to setup and found it more secure than the setup of OpenBSD.

I am sick of hearing people say "Oh you think thats better than this, well you should have done x, y, z cuz I could do a, b, c now and that means that you don't know shit and im smarter than you."

But perhaps you are far more intuitive than I reading into 2 sentences.


I think that we are a young species that often fucks with things we don't know how to unfuck. -- Tycho


[ Parent ]
dissing (4.50 / 2) (#6)
by kaworu on Thu Jan 04, 2001 at 02:30:06 PM EST

I really did not diss OpenBSD. The reason it wasn't suited for Openroot was because it could not be easily restored on an hourly basis, because everyone has root. Using jail, it was much easier. You are not allowed to create any nodes in /dev, nor mount the proc filesystem. Thanks for the comments

[ Parent ]
Nodes in dev (3.50 / 4) (#7)
by trhurler on Thu Jan 04, 2001 at 02:37:28 PM EST

You don't understand, I think. I don't have to create the nodes in /dev. I can create them anywhere I like, and if they have the right major and minor numbers(which I get to specify) then that becomes a valid device. There is nothing magical about the /dev directory, or the name of the device file itself, or anything like that. I could call my mouse, which is usually(in my case,) /dev/psm0, /foo/bar/baz/mousethingy - and it would still work just fine provided I altered the configuration of my programs that use the mouse so that they knew where to find it. Similarly, I could modify my programs so that they knew where to find my version of a virtual memory device, for instance.

--
'God dammit, your posts make me hard.' --LilDebbie

[ Parent ]
dev nodes (5.00 / 2) (#8)
by kaworu on Thu Jan 04, 2001 at 03:55:51 PM EST

You're right! I completely forgot about that! Once I got home, I began some testing with the Jail. You can not make devices with mknod, even if you specify the correct numbers. I also tried some things with system calls, and was unable to break the jail. Jailed users cannot mount any type of filesystem within the Jail

[ Parent ]
password changed already (none / 0) (#4)
by delmoi on Thu Jan 04, 2001 at 01:46:23 PM EST

Looks like someone already changed the su password, at least, It didn't work for me...
--
"'argumentation' is not a word, idiot." -- thelizman
Free root returns | 8 comments (8 topical, 0 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!