[ale] Linux Distributions

Jim Popovitch jimpop at yahoo.com
Tue May 17 15:07:38 EDT 2005


On Tue, 2005-05-17 at 14:23 -0400, George Carless wrote:
> > > This is just asking for trouble.  
> > 
> > HOW SO?   Everyone says this, nobody ever follows through with
> > specifics.
> 
> Because if you are running as root, then so are the applications that 
> you are running, which means that you need to trust not only what you 
> are doing yourself, but also what all of those applications are doing.
> And, whether by accident or by design, those applications might not be 
> doing what you think they are doing, and when they have unrestricted 
> access to the system then there is the risk of total, catastrophic 
> issues.

BUT, if the user has the capabilities to do those "unrestricted" things
(one could argue that formatting a drive or loading modules is
unrestricted), then any application the user runs can do those same
things.  So, in short, if the user doesn't have permissions to do
anything, the apps they run are restricted.

> > 
> > > Unless you're going to spend the time with a fine-tooth comb 
> > > to audit every piece of software that you run,
> > 
> > No need to audit software that you trust.  The fine tooth comb is needed
> > to set EVERYTHING up for a normal user to have access to gratuitous
> > system resources needed by everyday apps (iPODs, dvd burners, video
> > games, advanced sound card features (midi, etc.)).
> 
> First, I've not generally found that it IS necessary to open much up for 
> a 'normal user': 

I personally don't think you are doing much on your PC then.  ;-)

> most things--in fact, more things than you might 
> expect--can easily be coaxed 

BINGO!  "coaxed" is the key.  Why bother coaxing a thousand things for a
user account, thereby opening those things up to other applications the
user runs?

> [snip]  Let's say that you're browsing the 
> Web, as root, and your "trusted" Web browser has bugs in it.  Let's say 
> that some malicious person manipulates those bugs to wipe out your files 
> - result as a regular user: nothing too bad.  Results as root: oh-oh.

If everything on the PC is specific to that one user (root or
otherwise), then there is no worse harm running the buggy app as root or
user xyz.  In fact a good argument can be made that you are introducing
a false sense of security by what you say above.  Do you REALLY know
what that buggy app just did?

-Jim P.








