
uid 0 for ports < 1024 -- why ?

  • Santosh Cheler
    Message 1 of 15 , Dec 8, 2001
      uid 0 for ports < 1024 -- why ?

      Recently, I was discussing this issue on an application server
      mailing list. This app-server(tomcat) usually runs at port 8080.
      But since this port is blocked by the firewalls, it needs to be
      run at 80 and this requires uid 0. unlike apache httpd, tomcat
      is not well tested and so it is not advisable to run it on port 80.
      [running tomcat behind apache is another issue, lets not talk
      about it]


      But then, why does apache need uid 0 for ?
      and why are ports < 1024 need uid 0 -- the reason for this is
      history -- long ago, the unix servers used to have large number
      of non-root users and not everybody was supposed to listen to
      these ports, for various reasons. But this is no longer the case
      in >75% of the servers. I am the only user on my server.

      and so in the present day case, it is more beneficial to allow
      non-root users to bind to all the ports -- leaving less security
      holes.

      What are your opinions ?


      Santosh








    • ramana
      Message 2 of 15 , Dec 9, 2001
        >
        > But then, why does apache need uid 0 for ?
        > and why are ports < 1024 need uid 0 -- the reason
        > for this is
        > history -- long ago, the unix servers used to have
        > large number
        > of non-root users and not everybody was supposed to
        > listen to
        > these ports, for various reasons. But this is no
        > longer the case
        > in >75% of the servers. I am the only user on my
        > server.
        >
        > and so in the present day case, it more beneficial
        > to allow
        > non-root users to bind to all the ports -- leaving
        > less security
        > holes.
        >
        > What are your opinions ?
        >
        >
        > Santosh
        >

        There is another side to it.

        What if some non root programme (i.e. all those
        programmes which are run by every others) hijacked all
        ports<1024?

        Other possibilities are much more dangerous. For
        example some worm imitating some standard service
        and at the same time stealing some sensitive
        information. Since the work can be run by any user!

        by
        ramana



      • Santosh Cheler
        Message 3 of 15 , Dec 9, 2001
          >From: ramana <rmn_ilughyd@...>
          >There is another side to it.
          >
          > What if some non root programme (i.e. all those
          >programmes which are run by every others) hijacked all
          >ports<1024?
          >

          If that is a third-party (untrusted?) programme, then even
          root can be fooled.


          > Other possibilities are much more dangerous. For
          >example some worm immitating some standard service
          >and at the same time stealing some sensitive
          >information. Since the work can be run by any user!
          >

          But tell me how many unix servers have non-root users.

          Machines today are not shared. They are owned and used
          by single entities, and for server machines (like
          www.yahoo.com) the only people with access to the machine are ones who
          already have root access. Either you trust the machine and all of its
          sysadmins and users, or you don't.

          ~Santosh

          >by
          >ramana
          >
          >
          >
        • Suresh Ramasubramanian
          Message 4 of 15 , Dec 9, 2001
            +++ Santosh Cheler [10/12/01 04:26 +0000]:
            > But tell me how many unix servers have non-root users.
            >
            > Machines today are not shared. They are owned and used
            > by single entities, and for server machines (like
            > www.yahoo.com) the only people with access to the machine are ones who
            > already have root access. Either you trust the machine and all of its
            > sysadmins and users, or you don't.

            Man, try a system where there are free shell accounts (like arbornet.org for
            example). Or try a system which gives webmail access (with apache running as
            a non privileged user). Or in fact, try a system which gives webhosting on a
            shared unix server, and also ssh (or even telnet) access to its users.

            Now you were saying? ....

            -srs

            --
            Suresh Ramasubramanian + suresh <@> kcircle.com
            Friday@... + http://www.kcircle.com
          • Nick Hill
            Message 5 of 15 , Dec 10, 2001
              On Mon, Dec 10, 2001 at 04:26:11AM +0000, Santosh Cheler wrote:
              >
              > But tell me how many unix servers have non-root users.
              >
              > Machines today are not shared. They are owned and used
              > by single entities, and for server machines (like
              > www.yahoo.com) the only people with access to the machine are ones who
              > already have root access. Either you trust the machine and all of its
              > sysadmins and users, or you don't.
              >

              huh? i thought the transition of OSen was from DOS->Windows->UNIX. The
              multiuser-ness of the system increases in that order. Since when are we
              going the other way? Dont tell me, you log in as r00t while on u're system
              all the time. If all you're using is a Desktop PC, that wouldn't matter, altho
              i dont log in as r00t till absolutely necessary, even on my desktop pc.

              you dont trust anyone, bud. as suresh has mentioned, shell accounts, pop3 boxen,
              et al _survive_ on multi-user access. If i dont have user access, how about
              running BIND as r00t, and i cause a buffer overflow from a remote host, and you
              wont even know what hit you, cuz i'll be rm -rf'ing / wee! There goes all yer
              pr0n! :P

              Most of the computers are used as servers on the 'net. Heck, what else can they
              be used for. From what u're trying to say, authentication should be a thing of
              the past. So, all boxen on the net should either be totally-closed or totally-open
              eh?

              Where's the salt? I need a grain.

              Nikhil.


              --
              Nikhil Shankar (nikhilwiz at yahoo.com)

              Slackware Linux http://www.slackware.com/
              I guess that's why people care: Simplicity is Divine.

            • Santosh Cheler
              Message 6 of 15 , Dec 10, 2001
                >From: Nick Hill <nikhilwiz@...>
                >Reply-To: ilughyd@yahoogroups.com
                >To: ilughyd@yahoogroups.com
                >Subject: Re: [TwinCLinG] uid 0 for ports < 1024 -- why ?
                >Date: Mon, 10 Dec 2001 14:06:03 +0530
                >
                >On Mon, Dec 10, 2001 at 04:26:11AM +0000, Santosh Cheler wrote:
                > >
                > > But tell me how many unix servers have non-root users.
                > >
                > > Machines today are not shared. They are owned and used
                > > by single entities, and for server machines (like
                > > www.yahoo.com) the only people with access to the machine are ones who
                > > already have root access. Either you trust the machine and all of its
                > > sysadmins and users, or you don't.
                > >
                >
                >huh? i thought the transition of OSen was from DOS->Windows->UNIX. The
                >multiuser-ness of the system increases in that order. Since when are we
                >going the other way? Dont tell me, you log in as r00t while on u're system
                >all the time. If all you're using is a Desktop PC, that wouldn't matter,
                >altho
                >i dont log in as r00t till absolutely necessary, even on my desktop pc.
                >


                Cool man, have patience. Again, let me remind you, I am talking about servers
                used for serious business, not the ones in the universities' labs.
                btw, I am not a newbie (not an expert either), and I don't work as root
                all the time -- it requires proper control over your mind :-)


                >you dont trust anyone, bud. as suresh has mentioned, shell accounts, pop3
                >boxen,
                >et al _survive_ on multi-user access. If i dont have user access, how about
                >running BIND as r00t, and i cause a buffer overflow from a remote host, and
                >you
                >wont even know what hit you, cuz i'll be rm -rf'ing / wee! There goes all
                >yer
                >pr0n! :P
                >


                why root ? use a dummy user, no problems with this.

                >Most of the computers are used as servers on the 'net. Heck, what else can
                >they
                >be used for. From what u're trying to say, authentication should be a thing
                >of
                >the past. So, all boxen on the net shuld either be totall-closed or
                >totally-open
                >eh?
                >
                >Where's the salt? I need a grain.

                checkup your taste buds with a doctor :-)


                Santosh.


                >
                >Nikhil.
                >
                >
                >--
                >Nikhil Shankar (nikhilwiz at yahoo.com)
                >
                >Slackware Linux http://www.slackware.com/
                >I guess that's why people care: Simplicity is Divine.
                >
              • Nick Hill
                Message 7 of 15 , Dec 10, 2001
                  On Mon, Dec 10, 2001 at 09:47:22AM +0000, Santosh Cheler wrote:
                  > Cool man, have patience. Again, let me remind you, I am talking about
                  > servers
                  > used for serious business, not the ones in the universities' labs.
                  > btw, I am not a newbie(not an expert either), and I dont work as root
                  > all the time -- it requires proper control over your mind :-)
                  >

                  have you heard of virtual hosting? yes, the servers are used for "serious
                  business". Most of the virtual hosting guys give out shell (ftp/ssh)
                  access for ppl. like u and me to upload stuff onto our website. I dont need
                  to mention the outcome, if all the customers who have hosted their website
                  with the particular webhosting service, are given root access. i rest my
                  case.

                  > why root ? use a dummy user, no problems with this.
                  >

                  how many dummy users? do you suggest i use the same "dummy user" for apache,
                  BIND, sendmail, etc.? i exploit one of these apps, and whoa! i have access
                  to the rest. neat.

                  > checkup your taste buds with a doctor :-)
                  >

                  The last i checked, they're just fine. trust me on that.

                  Nikhil.

                  --
                  Nikhil Shankar (nikhilwiz at yahoo.com)

                  Slackware Linux http://www.slackware.com/
                  I guess that's why people care: Simplicity is Divine.

                • Suresh Ramasubramanian
                  Message 8 of 15 , Dec 10, 2001
                    +++ Santosh Cheler [10/12/01 09:47 +0000]:
                    > Cool man, have patience. Again, let me remind you, I am talking about
                    > servers
                    > used for serious business, not the ones in the universities' labs.

                    Tell you what, we run servers with ~ 20 million webmail users.

                    > btw, I am not a newbie(not an expert either), and I dont work as root
                    > all the time -- it requires proper control over your mind :-)

                    That's right. However we wouldnt want to try what you suggest.

                    > why root ? use a dummy user, no problems with this.

                    Then once I gain control of that dummy user, I can run some local root
                    exploit and get root.

                    --
                    Suresh Ramasubramanian + suresh <@> kcircle.com
                    Friday@... + http://www.kcircle.com
                  • Santosh Cheler
                    Message 9 of 15 , Dec 10, 2001
                      >From: Nick Hill <nikhilwiz@...>
                      >business". Most of the virtual hosting guys give out shell (ftp/ssh)
                      >access for ppl. like u and me to upload stuff onto our website. I dont need
                      >to mention the outcome, if all the customers who have hosted their website
                      >with the particular webhosting service, are given root access. i rest my
                      >case.
                      >

                      user stuff hosting is something we will have to think about, but at least
                      there will not be root exploits anymore. All I am trying to say is there
                      are more downsides than upsides bcoz of this restriction. Probably, details
                      have to be worked out in more depth.


                      > > why root ? use a dummy user, no problems with this.
                      > >
                      >
                      >how many dummy users? do you suggest i use the same "dummy user" for
                      >apache,
                      >BIND, sendmail, etc.? i exploit one of these apps, and whoa! i have access
                      >to the rest. neat.
                      >


                      yeah, possibly different users...this way they are, at the least, miles away
                      from the nuclear root.

                    • Nick Hill
                      Message 10 of 15 , Dec 11, 2001
                        On Mon, Dec 10, 2001 at 10:17:09AM +0000, Santosh Cheler wrote:
                        > user stuff hosting is something we will have to think about, but atleast
                        > there will not be root exploits anymore. All I am trying to say is there
                        > are more downsides than upsides bcoz of this restriction. Probably, details
                        > have to worked out in more depth.
                        >

                        you dont stop riding a vehicle on the road just cuz the roads these days are
                        very accident prone. That's not the idea. You improve the safety standards.
                        You put on seat belts, helmets et al.

                        You need to improve the security consciousness of admins, and force them to
                        implement better security in a public machine. if all multi-user boxen around
                        the world were to be turned into single user r00t-owned systems, we might as
                        well pack our bags, and get back to good ol' win3.1/DOS, and what's this *nix
                        thingy anywayz? :)

                        Most importantly, the BOFH wouldn't exist without multi-user systems. How are
                        sysadmins s'posed to achieve their BOFH dream, if no users were let in? :D

                        > yeah, possibly different users...this way they are, at the least, miles
                        > away
                        > from the nuclear root.
                        >

                        applications are only half the picture. UNIX is designed to support many users.
                        It is also for preventing users from launching attacks against other users on
                        the same system. Have you ever heard of software development? CVS? Xterms? Since,
                        you claim not to be a newbie, I think i'll save some bytes, by not detailing
                        stuff. Supporting multiple users on an OS has a _lot_ of merits. Dont shy
                        away from security. Take it in your path, and implement it.

                        'nuff said.

                        Nikhil.


                        --
                        Nikhil Shankar (nikhilwiz at yahoo.com)

                        Slackware Linux http://www.slackware.com/
                        I guess that's why people care: Simplicity is Divine.

                      • ramana
                        Message 11 of 15 , Dec 11, 2001
                          --- Santosh Cheler <csk4you@...> wrote:

                          >
                          > But then, why does apache need uid 0 for ?
                          > and why are ports < 1024 need uid 0 -- the reason
                          > for this is
                          > history -- long ago, the unix servers used to have
                          > large number
                          > of non-root users and not everybody was supposed to
                          > listen to
                          > these ports, for various reasons. But this is no
                          > longer the case
                          > in >75% of the servers. I am the only user on my
                          > server.
                          >
                          > and so in the present day case, it more beneficial
                          > to allow
                          > non-root users to bind to all the ports -- leaving
                          > less security
                          > holes.
                          >
                          > What are your opinions ?
                          >
                          >
                          > Santosh
                          >

                          Both methods definitely have some serious drawbacks.

                          Instead of wasting time about which method is good, it
                          is better to concentrate on improving security in
                          existing practice.

                          Most of the security break-downs are due to the
                          ignorance of administrators.

                          by
                          ramana


                        • Santosh Cheler
                          Message 12 of 15 , Dec 11, 2001
                            Right in my first mail, I have restricted the discussion to
                            yahoo like servers, where we do not expect shell users. I don't
                            know why we are digressing from this.

                            I do not even understand why you think linux minus multiuser
                            capabilities is equivalent to windows 3.1/95/98. Note that I
                            did not mean to remove the multiuser capabilities, but just
                            not to use them.

                            I am just exploring this idea, and wanted your comments as I too
                            was/am not confident about it. I am convinced only with suresh's
                            comment about local root exploits.


                            Santosh

                          • Nick Hill
                            Message 13 of 15 , Dec 12, 2001
                              On Wed, Dec 12, 2001 at 06:18:18AM +0000, Santosh Cheler wrote:
                              > Right in my first mail, I have restricted the discussion to
                              > yahoo like servers, where we do not expect shell users. I dont
                              > know why are digressing from this.
                              >

                              hmm, i was thinking on similar lines. The reason we "digressed" from
                              the topic on hand is cuz you said "Either you trust the machine and all of its
                              sysadmins and users, or you don't." That's where the thread branched
                              off.

                              > I do not even understand why you think linux minus multiuser
                              > capabilities is equivalent to windows 3.1/95/98. Note that I
                              > did not mean to remove the multiuser capabilities, but just
                              > not to use them.
                              >
                              > I am just exploring this idea, and wanted your comments as I too
                              > was/am not confident about it. I am convinced only with suresh's
                              > comment about local root exploits.
                              >

                              local root exploits can take place only if you allow a shell. Since
                              you dont plan to do that, you might be saved from that. But then,
                              there could also be a remote-local combo that can be done. exploit
                              a remote exploit to gain user access, and then run local exploit code
                              using the remote stackframe/code/et al. And, yes, this is sorta tough.
                              Atleast its not a 5cr1pt k1d133 thing. phew!

                              I'd still stick to a stronger security policy. Having different uid/gid
                              gives a lot of flexibility. If you're not in a mood to use them, go
                              ahead, but I dont think it'll be a pleasant drive.

                              Besides, if i have a remote exploit to your dummy user, and according to
                              your policy of allowing users to listen on ports <1024, i can make the
                              server listen on an alternate port (how about port 80? ;), and make your
                              webserver (apache) refuse to start up.

                              your idea of allowing everyone on ports <1024 could prove to be a security
                              nightmare. You're losing out on the security provided in the system, and
                              are planning to replace it by human intervention. There's more than you
                              think about a multi-user system, and security comes on top.

                              Nikhil.

                              --
                              Nikhil Shankar (nikhilwiz at yahoo.com)

                              Slackware Linux http://www.slackware.com/
                              I guess that's why people care: Simplicity is Divine.

                            • Santosh Cheler
                              Message 14 of 15 , Dec 12, 2001
                                >From: Nick Hill <nikhilwiz@...>
                                >local root exploits can take place only if you allow a shell. Since
                                >you dont plan to do that, you might be saved from that. But then,
                                >there could also be a remote-local combo that can be done. exploit
                                >a remote exploit to gain user access, and then run local exploit code
                                >using the remote stackframe/code/et al. And, yes, this is sorta tough.
                                >Atleast its not a 5cr1pt k1d133 thing. phew!
                                >


                                agreed.



                                >I'd still stick to a stronger security policy. Having different uid/gid
                                >gives a lot of flexibility. If you're not in a mood to use them, go
                                >ahead, but I dont think it'll be a pleasant drive.
                                >
                                >Besides, if i have a remote exploit to your dummy user, and according to
                                >your policy of allowing users to listen on ports <1024, i can make the
                                >server listen on an alternate port (how about port 80? ;), and make your
                                >webserver (apache) refuse to start up.
                                >


                                This doesnt make sense in the present context as it (blocking apache)
                                can be done even otherwise.




                                Here is somebody else's comments in a different mailing list:

                                Yes, there are plenty of local root exploits in Linux. There has even
                                been one in OpenBSD. Local root exploits are a fact of life in
                                non-trusted systems such as OpenBSD and Linux.

                                In your post you suggest that if I were running the web server as
                                non-root, and it had a buffer overflow or similar vulnerability, the
                                hack process would be this:

                                1. Hack into web server process.

                                2. Run local -> root exploit.

                                3. Done.

                                In the case where the server is running as root (which is the case on
                                all *UNIX things right now), the process looks like this:

                                1. Hack into web server process.

                                2. Done.

                                Your comment above basically proves my point that we get better security
                                if we allow non-root stuff to bind to low ports. The reason why this
                                is such a big deal is that Step 2 (Run local -> root exploit) is an
                                extra barrier and it can be very very difficult barrier on some OSes,
                                such as OpenBSD or a well-configured Linux system. In its years of
                                existence, OpenBSD has had only one local -> root exploit.

                                On the subject of local -> root exploits, they are mostly caused by
                                SUID processes, like sendmail or "trivial" things like lpd or at. If
                                you want your server to be secure, audit the system for suid files and
                                turn off all that aren't absolutely necessary. This goes a long way.
                                Btw, there would be a lot _less_ suid stuff on systems if non-root
                                could bind to low ports. This would also prevent some local attacks.

                                Basically security design is hard to understand and few people
                                understand it. People who don't understand it often think that "more
                                restrictions means more secure", which is often incorrect, because it
                                often means that you need to run ordinary stuff at higher permission
                                levels to get around these restrictions, and that's bad. People who
                                understand security design think more in terms of compartmentalization
                                and auditing than in terms of generic restrictions.

                                Trusted systems like EROS, Trusted BSD and SE Linux are based on this
                                idea. Root is the root of all evil, and so these three systems solve
                                the problem by not having root.

                                This may sound strange, but that actually makes the systems _easier_
                                to use.

                                Just for completeness, here is how the above attack would look on a
                                Trusted BSD system:

                                1. Hack into web server process.

                                2. Serve your own "| 0\^//\/ 7H|S S|73!!" message.

                                3. That's all you can do. Oh, and it's all audited.



                              • Nick Hill
                                Message 15 of 15 , Dec 13, 2001
                                  On Thu, Dec 13, 2001 at 04:18:01AM +0000, Santosh Cheler wrote:
                                  > In the case where the server is running as root (which is the case on
                                  > all *UNIX things right now), the process looks like this:
                                  >
                                  > 1. Hack into web server process.
                                  >
                                  > 2. Done.
                                  >

                                  nope. that's _not_ the case. the webserver doesn't run as root. it changes its
                                  uid and euid when spawning a new process to handle a connection. Even if you
                                  exploit the webserver, all you get is the "dummy" user used. check this out:

                                  $ ps auxw|grep httpd
                                  root 84 0.0 1.4 40788 3648 ? S 20:34 0:00 /usr/sbin/httpd
                                  nobody 107 0.0 1.4 40812 3640 ? S 20:34 0:00 /usr/sbin/httpd

                                  the process is started by r00t, and then each process spawned to handle a
                                  new connection is forced to change its uid/gid and euid/egid to the one
                                  specified in the config file:

                                  User nobody
                                  Group nobody

                                  so, even if you exploit the webserver, you don't have r00t. about your comment
                                  on sendmail, the recent versions don't need r00t, too. the setuid/setgid method
                                  ensures that the service ports (0-1024) can still be started by root, and still
                                  remain secure, if they're exploited, because the attacker doesn't get root
                                  access, anywayz. get the idea? :)

                                  so, where does that leave us now?

                                  Nikhil.

                                  --
                                  Nikhil Shankar (nikhilwiz at yahoo.com)

                                  Slackware Linux http://www.slackware.com/
                                  I guess that's why people care: Simplicity is Divine.
