possible? using a linux filesystem on the net from any platform

Discussion in 'General Computing' started by emekadavid, Aug 9, 2012.

  1. emekadavid

    emekadavid Member Staff Writer

    Messages:
    63
    Likes Received:
    4
    Trophy Points:
    8
    sometimes, even while browsing, one has to run some commands that on bash requires superuser privileges, but i wonder how safe I would be if i have to log onto my terminal with root when I know nothing about security and the like.
    is it possible to have access to an online linux-based filesystem where even while surfing the net and checking out forum posts on bash (e.g bashscripts.org) one can easily run some bash commands from your browser connected to an online linux-based filesystem without the risk of logging onto your terminal at all, even with/out root?
    thanks a lot

  2. ehansen

    ehansen New Member Staff Writer

    Messages:
    115
    Likes Received:
    11
    Trophy Points:
    0
    If you're worried about security and safety then your best bet in that scenario is to run a virtual machine or install Cygwin. That, or install Putty and connect to a remote box via SSH.
  3. Kerms

    Kerms New Member

    Messages:
    59
    Likes Received:
    12
    Trophy Points:
    0
    Generally, you are trusting the web browser or the application to prevent injection or some method allowing a hacker to run malicious code on the computer. Usually these are found and fixed in a reasonable amount of time. But in the case where there is a security hole that allows malicious code to be ran, uh oh.

    Moreover, it's a really really bad idea to run your everyday userspace programs (ie web broswers, games...) as root. Root should be more or less use as a systems administration tool, not a user.

    If you are worried the malicious code will some how get root access, you first must understand how. Common ways are privilege escalation, spoofing and (selective) keyloging.

    Privilege escalation is like using a shared anything, putting malicious code in it, and which then a higher user/application executes it.

    Spoofing, is cute. your .bashrc contains the environment variable PATH. PATH is used to find command you type into the therminal. For example, the command `top' is found in one of the specified directories that's given in PATH. Spoofing, in this example, someone or something edits your PATH to contain an malicious alias to a command. Which the user unknowingly executes.

    (Selective) keylogging is fairly self-explanatory. A program records all keystrokes, or records only when a certain program is used/or graphically focused (hence selective).

    So, when in doubt or just simply paranoid, run it in a user who has barely any privileges.

Share This Page