Security Basics mailing list archives
Root usage and applications
From: "Keenan Smith" <kc_smith () clark net>
Date: Fri, 11 Nov 2005 10:35:50 -0500
All, Does anybody know about the "run as root" requirements of HP's OpenView? I don't own the product but am evaluating a configuration for a client and have been told that it has to run as root to work properly. Since an application like OpenView is required to be available from every node in a network, running it as root seems to me like a pretty big vulnerability, if someone were to identify a hole and exploit it. As a long-time application developer, I've found that requiring root access usually means that the developer is lazy or at best, following bad programming practices. In general, what does the collective wisdom of the group say about something like this? Does any application require root access? A firewall? A network management tool? An authorization/authentication server? And if it does, is it "really" required or is the requirement a result of developers who don't want to or were not given the time to properly code and configure the application to run as a user other than root? Thoughts? Thanks Keenan
Current thread:
- Are there any pocketable Hardware Password Vaults CK (Nov 09)
- Re: Are there any pocketable Hardware Password Vaults Andre Ludwig (Nov 10)
- Re: Are there any pocketable Hardware Password Vaults Raoul Armfield (Nov 15)
- Root usage and applications Keenan Smith (Nov 15)
- Re: Root usage and applications Barrie Dempster (Nov 16)
- RE: Are there any pocketable Hardware Password Vaults Jon Gucinski (Nov 10)
- RE: Are there any pocketable Hardware Password Vaults Mike Harlan (Nov 15)
- Re: Are there any pocketable Hardware Password Vaults Steven Meyer (Nov 10)
- Re: Are there any pocketable Hardware Password Vaults Kaushik (Nov 10)
- Re: Are there any pocketable Hardware Password Vaults Eric Udell (Nov 15)
- <Possible follow-ups>
- Re: Are there any pocketable Hardware Password Vaults felix . oxley (Nov 15)
- Re: Are there any pocketable Hardware Password Vaults Pranav Lal (Nov 16)
- Re: Are there any pocketable Hardware Password Vaults Diarmaid McManus (Nov 21)
- Re: Are there any pocketable Hardware Password Vaults Atom Smasher (Nov 28)
- Re: Are there any pocketable Hardware Password Vaults Pranav Lal (Nov 16)
- Re: Are there any pocketable Hardware Password Vaults Andre Ludwig (Nov 10)