[ale] Linux Distributions
George Carless
kafka at antichri.st
Tue May 17 15:26:58 EDT 2005
> > Because if you are running as root, then so are the applications that
> > you are running, which means that you need to trust not only what you
> > are doing yourself, but also what all of those applications are doing.
> > And, whether by accident or by design, those applications might not be
> > doing what you think they are doing, and when they have unrestricted
> > access to the system then there is the risk of total, catastrophic
> > issues.
>
> BUT, if the user has the capabilities to do those "unrestricted" things
> (one could argue that formatting a drive or loading modules is
> unrestricted), then any application the user runs can do those same
> things. So, in short, if the user doesn't have permissions to do
> anything, the apps they run are restricted.

Well, there's always a tradeoff between convenience and security; that's a given. But by
running as root you're essentially sacrificing most all security, and I don't think it's
necessary (and I DO do a lot with my pc). I'm not advocating setting things up such that a
regular user account can essentially do anything anyhow - to do so is, to my mind, no
different from running as root, and I think it's unneeded and a bad idea.

> > most things--in fact, more things than you might
> > expect--can easily be coaxed
>
> BINGO! "coaxed" is the key. Why bother coaxing a thousand things for a
> user account, thereby opening those things up to other applications the
> user runs.
> If everything on the PC is specific to that one user (root or
> otherwise), then there is no worse harm running the buggy app as root or
> user xyz. In fact a good argument can be made that you are introducing
> a false sense of security by what you say above. Do you REALLY know
> what that buggy app just did?

Eh?

--------------------------------------
George Carless ... kafka at antichri.st
Words are just dust in deserts of sound