[ale] Linux Distributions

George Carless kafka at antichri.st
Tue May 17 15:26:58 EDT 2005


> > Because if you are running as root, then so are the applications that 
> > you are running, which means that you need to trust not only what you 
> > are doing yourself, but also what all of those applications are doing.
> > And, whether by accident or by design, those applications might not be 
> > doing what you think they are doing, and when they have unrestricted 
> > access to the system then there is the risk of total, catastrophic 
> > issues.
> 
> BUT, if the user has the capabilities to do those "unrestricted" things
> (one could argue that formatting a drive or loading modules is
> unrestricted), then any application the user runs can do those same
> things.  So, in sort if the user doesn't have permissions to do
> anything, the apps they run are restricted.

Well, there's always a tradeoff between convenience and security; that's a given.  But by 
running as root you're essentially sacrificing most all security, and I don't think it's 
necessary (and I DO do a lot with my pc).  I'm not advocating setting things up such that a 
regular user account can essentially do anything anyhow - to do so is, to my mind, no 
different from running as root, and I think it's unneeded and a bad idea.

> > most things--in fact, more things than you might 
> > expect--can easily be coaxed 
> 
> BINGO!  "coaxed" is the key.  Why bother coaxing a thousand things for a
> user account, thereby opening those things up to other applications the
> user runs.

> If everything on the PC is specific to that one user (root or
> otherwise), then there is no worse harm running the buggy app as root or
> user xyz.  In fact a good argument can be made that you are introducing
> a false sense of security by what you say above.  Do you REALLY know
> what that buggy app just did?

Eh?

--------------------------------------
George Carless ... kafka at antichri.st
Words are just dust in deserts of sound



More information about the Ale mailing list