[ale] Linux Distributions
Jason Day
jasonday at worldnet.att.net
Tue May 17 15:20:16 EDT 2005

On Tue, May 17, 2005 at 02:09:01PM -0400, Jim Popovitch wrote:
> On Tue, 2005-05-17 at 13:56 -0400, George Carless wrote:
> >
> > Why would you want to run a desktop as root?
>
> Quite simply so that I don't have to configure a thousand things in
> sudo, /dev, /proc, etc. I like to bring up my network interfaces,
> configure iptables on the fly, change MTU, mount partitions, reformat
> temp space, access /dev/audio, /dev/dvd, /dev/midi0, etc. What's the
> difference between giving a user access to everything vs running as
> root?

Requiring the user to become root first adds an extra layer of security
(see below).

>
> > This is just asking for trouble.
>
> HOW SO? Everyone says this, nobody ever follows through with
> specifics.

Michael Robertson made a similar argument recently to justify his
decision to run everything as root in Linspire. His main argument was
that, from a user perspective, the data is the only thing that's
important. And since a virus/malware/mistake/whatever can potentially
destroy all of your data whether you're root or not, why put up with the
"hassle" of running as non-root?

This argument may apply to an isolated computer, but it falls flat when
you consider a computer that is connected to the internet on, say, a DSL
or cable modem. If you always run as root, and your account gets
compromised, then your entire system is owned, a potential zombie or
spam relay, and a platform for launching new attacks. If you normally
run as a normal user, and your account is compromised, then the
potential for damage *to others* is much less, because the compromised
user account cannot do everything that root can do.

I suppose, from a purely selfish point of view, it makes no difference.
Unless you're held accountable for actions an attacker takes using your
compromised computer.

>
> > Unless you're going to spend the time with a fine-tooth comb
> > to audit every piece of software that you run,
>
> No need to audit software that you trust. The fine tooth comb is needed
> to set EVERYTHING up for a normal user to have access to gratuitous
> system resources needed by everyday apps (iPODs, dvd burners, video
> games, advanced sound card features (midi, etc)).

It's really not that big a deal to add your user account to the dvd,
video, audio, games, etc. groups.

>
> > there's no rationale for running as root.
>
> Sure there is. You may not see it however.

It's the same old argument that always comes up: security vs.
convenience. Like many things, it's more convenient to run as root, but
less secure.

>
> > Become root - or sudo - when you need to; the rest of
> > the time, don't. Otherwise, running as root without problems is just a
> > matter of luck. How you have things configured really doesn't make too
> > much difference when a sleep-deprived session leads you to inadvertently
>
> What's the difference between "sudo mkfs /dev/hda8" and running
> "mkfs /dev/hda8" as root?

The first requires an extra step. If a trojan script has "mkfs
/dev/hda8" in it, and you execute it as root, you just lost your
filesystem. If you execute it as a normal user you're safe. That is,
admittedly, a contrived example, but the principle still holds.

Jason
--
Jason Day                                       jasonday at
http://jasonday.home.att.net                    worldnet dot att dot net
"Of course I'm paranoid, everyone is trying to kill me."
-- Weyoun-6, Star Trek: Deep Space 9
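
Added example, not part of the original message: a small shell helper for the "add your user account to the dvd, video, audio, games, etc. groups" approach, listing which groups a normal user still lacks for a set of device nodes. It assumes GNU coreutils `stat` on Linux; the function name `groups_needed` is hypothetical, and the device paths are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes GNU coreutils stat.

# groups_needed "<space-separated groups the user already has>" path...
# Prints, one per line, each group that grants read+write on a path and that
# the user is not yet a member of. Paths that are absent, or whose group has
# no read+write access, are noted on stderr: group membership cannot help there.
groups_needed() {
    have=" $1 "; shift
    for path in "$@"; do
        [ -e "$path" ] || { echo "skip: $path (not present)" >&2; continue; }
        # -L follows symlinks such as /dev/dvd to the real device node.
        grp=$(stat -L -c '%G' "$path")
        mode=$(stat -L -c '%a' "$path")
        # The group permission digit is the second-to-last octal digit.
        gdigit=$(printf '%s' "$mode" | sed 's/.*\(.\).$/\1/')
        case "$gdigit" in
            6|7) ;;
            *) echo "note: $path is not group read/write (mode $mode)" >&2
               continue ;;
        esac
        case "$have" in
            *" $grp "*) ;;          # already a member, nothing to add
            *) echo "$grp" ;;
        esac
    done | sort -u
}

# Stand-alone run: compare the invoking user's groups with the devices
# mentioned in the thread. Each group printed is one to add the account to.
groups_needed "$(id -Gn)" /dev/audio /dev/dvd /dev/midi0
```

Each group name printed is a candidate for a one-time `usermod -aG <group> <user>` run by root, after which the account reaches that device without a root session.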