Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Root usage and applications

from [Keenan Smith] Network Security [Permanent Link]
Subject: Root usage and applications
Date: Fri, 11 Nov 2005 10:35:50 -0500 
All,

Does anybody know about the "run as root" requirements of HP's OpenView?

I don't own the product but am evaluating a configuration for a client
and have been told that it has to run as root to work properly.

Since an application like OpenView is required to be available from
every node in a network, running it as root seems to me like a pretty
big vulnerability, if someone were to identify a hole and exploit it.

As a long-time application developer, I've found that requiring root
access usually means that the developer is lazy or at best, following
bad programming practices.

In general, what does the collective wisdom of the group say about
something like this?

Does any application require root access?  A firewall?  A network
management tool?  An authorization/authentication server?

And if it does, is it "really" required or is the requirement a result
of developers who don't want to or were not given the time to properly
code and configure the application to run as a user other than root?

Thoughts?

Thanks
Keenan
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Checking DataBase being deployed on a Website, Jepson
Next by Date:  Looking for benchmarking methodologies., misa
Previous by Thread:  Re: Are there any pocketable Hardware Password Vaults, Raoul Armfield
Next by Thread:  Re: Root usage and applications, Barrie Dempster
Indexes:  [Date] [Thread] [Top] [All Lists]