[ale] Linux Distributions

Jim Popovitch jimpop at yahoo.com
Tue May 17 16:17:48 EDT 2005


On Tue, 2005-05-17 at 15:10 -0400, Jason Day wrote:
> This argument may apply to an isolated computer, but it falls flat when
> you consider a computer that is connected to the internet on, say, a DSL
> or cable modem.  If you always run as root, and your account gets
> compromised, then your entire system is owned, a potential zombie or
> spam relay, and a platform for launching new attacks.  If you normally
> run as a normal user, and your account is compromised, then the
> potential for damage *to others* is much less, because the compromised
> user account cannot do everything that root can do.

Your examples (spam relay, zombie) don't require root; what do you think
needs root to launch an attack?  Again, these are 20-year-old
arguments that apply to servers (for hacking websites, dns, email) that
have zero bearing on desktop PCs.

> I suppose, from a purely selfish point of view, it makes no difference.
> Unless you're held accountable for actions an attacker takes using your
> compromised computer.

That assumes that you can come up with something malicious that needs
root rather than a non-root account.  What action does an attacker need
root for that I could be held accountable (presumably to others) for?

> > 
> > > Unless you're going to spend the time with a fine-tooth comb 
> > > to audit every piece of software that you run,
> > 
> > No need to audit software that you trust.  The fine tooth comb is needed
> > to set EVERYTHING up for a normal user to have access to gratuitous
> > system resources needed by everyday apps (iPODs, dvd burners, video
> > games, advanced sound card features (midi, etc).
> 
> It's really not that big a deal to add your user account to the dvd,
> video, audio, games, etc. groups.

BINGO.  That was my original entry into this thread.  I can configure a
thousand things (thereby giving my user account god-like access) or I
can just "useradd jimpop -u 0".  There really isn't much difference on a
desktop single-user PC/laptop.

> > 
> > > there's no rationale for running as root.  
> > 
> > Sure there is.  You may not see it however.
> 
> It's the same old argument that always comes up: security vs.
> convenience.  Like many things, it's more convenient to run as root, but
> less secure.

HOW IS IT LESS SECURE???  Less secure for who?  The User?  LOL!  Running
as a user is just as insecure for that user.  

> > What's the difference between "sudo mkfs /dev/hda8" and running
> > "mkfs /dev/hda8" as root?
> 
> The first requires an extra step.  If a trojan script has "mkfs
> /dev/hda8" in it, and you execute it as root, you just lost your
> filesystem.  If you execute it as a normal user you're safe.  That is,
> admittedly, a contrived example, but the principle still holds.

First off, it is too easy to have a malicious virus try both ways (mkfs
vs sudo mkfs).  In fact, I bet it can be done in a one-line perl script
to format all available partitions.  HOWEVER, the other argument being
given is that running as root allows zombies to magically infect your
machine.  Isn't mkfs the best thing for a zombie-infected machine? :-)

-Jim P.
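An added example, not part of Jim's or Jason's message: the two set-ups argued over above (a second UID-0 account versus a normal user added to the dvd/video/audio groups) leave different traces in /etc/passwd and /etc/group, and a short audit can tell them apart. Note that a real useradd refuses a duplicate UID unless given -o/--non-unique. The Python below runs over constructed passwd/group lines, lists every UID-0 account, and reports which users hold device-group memberships versus memberships that are commonly root-equivalent (the "disk" group owns the raw block devices on Debian-style systems, so mkfs on /dev/hda8 works there with no sudo at all). The group names are assumptions about a typical Debian-style layout.

```python
"""Audit a passwd/group snapshot for extra UID-0 accounts and for device
or root-equivalent group membership.

Added example for the thread above, not code from either poster.  The
sample data below is constructed; on a live box you would read
/etc/passwd and /etc/group instead."""

from collections import defaultdict

# Constructed sample: "jimpop" is a second UID-0 account (what
# "useradd -o -u 0 jimpop" would create), "jason" is a normal user in the
# usual desktop device groups plus wheel, "alice" has been dropped into
# "disk" to get at a DVD burner without sudo.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jimpop:x:0:100:Jim:/home/jimpop:/bin/bash
jason:x:1000:1000:Jason:/home/jason:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/sh
"""

SAMPLE_GROUP = """\
root:x:0:
disk:x:6:alice
wheel:x:10:jason
cdrom:x:24:jason
audio:x:29:jason
video:x:44:jason
games:x:60:
"""

# Assumed Debian-style group names.  DEVICE_GROUPS give access to a
# peripheral; ROOT_EQUIVALENT_GROUPS are commonly as good as root:
# "disk" owns /dev/sd*//dev/hd* (so mkfs needs no sudo), "sudo"/"wheel"
# are the usual sudoers groups.
DEVICE_GROUPS = {"audio", "video", "cdrom", "games", "plugdev", "dialout"}
ROOT_EQUIVALENT_GROUPS = {"disk", "sudo", "wheel"}


def parse_passwd(text):
    """Return {name: (uid, primary_gid)}, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, _, uid, gid = fields[:4]
        try:
            users[name] = (int(uid), int(gid))
        except ValueError:
            continue
    return users


def parse_group(text):
    """Return {group: (gid, set(supplementary members))}."""
    groups = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 4:
            continue
        name, _, gid, members = fields
        try:
            gid_int = int(gid)
        except ValueError:
            continue
        groups[name] = (gid_int, {m for m in members.split(",") if m})
    return groups


def uid0_accounts(users):
    """Every account with UID 0; anything beyond 'root' is a finding."""
    return sorted(name for name, (uid, _) in users.items() if uid == 0)


def groups_for(users, groups):
    """Map each user to all its groups: primary (by gid) plus supplementary."""
    gid_to_name = {gid: name for name, (gid, _) in groups.items()}
    membership = defaultdict(set)
    for user, (_, gid) in users.items():
        if gid in gid_to_name:
            membership[user].add(gid_to_name[gid])
    for gname, (_, members) in groups.items():
        for member in members:
            if member in users:
                membership[member].add(gname)
    return membership


def audit(passwd_text, group_text):
    """Return the three findings a reviewer of this thread would want."""
    users = parse_passwd(passwd_text)
    membership = groups_for(users, parse_group(group_text))
    return {
        "uid0": uid0_accounts(users),
        "device_access": {u: sorted(g & DEVICE_GROUPS)
                          for u, g in membership.items() if g & DEVICE_GROUPS},
        "root_equivalent": {u: sorted(g & ROOT_EQUIVALENT_GROUPS)
                            for u, g in membership.items()
                            if g & ROOT_EQUIVALENT_GROUPS},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(audit(SAMPLE_PASSWD, SAMPLE_GROUP), indent=2))
```

On the sample data the audit flags "jimpop" as a second UID-0 account, shows "jason" with device groups only plus wheel, and shows "alice" as root-equivalent through "disk" even though her UID is ordinary; that last case is the one the groups-vs-root argument above tends to overlook.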