[ale] Linux Distributions

Alexander Barton abarton at mindspring.com
Wed May 18 02:15:19 EDT 2005


Jim Popovitch wrote:
> On Tue, 2005-05-17 at 20:43 -0400, Michael B. Trausch wrote:
> 
>>The other problem is that you cannot trust users, and sometimes you
>>can't trust yourself.  If your user has access to things, that's fine,
[...]
> But, if you are the only desktop user (i.e. not a server) of your own
> machine, 99% of what you say above is non-applicable.  So, looking at it
> from a different angle, say a traveling Linux laptop user, where's the
> risk of running as root?

Once upon a time, I helped to mantain a user application that ran as 
root.  During one particular release of this application, the Linux box 
that ran it would seemingly just crash without warning and require a 
hard reset.  It was at a remote installation so it was hard to diagnose. 
  We thought it must be hardware, or maybe an OS bug, but clearly not 
the application's fault, and so we developers waited patiently for the 
admins and IT folks to solve the problem.

Eventually they determined that the machine hadn't crashed, but was in 
some wierd trans-shutdown state.

After many many man-hours spent it was figured out, to the developer's 
chagrin, that it was the application that was crashing.  And as it 
crashed, running as root, it would "kill -9" random processes (like 
init) and take the OS down with it, but not cause a reboot.

The moral here is obvious.

# rm -rf /tmp/foo
rm: cannot remove `tmp/foo': No such file or directory
# cd ..
chdir: could not get current directory: getcwd: cannot access parent 
directories: No such file or directory

Oops.


-ALexander



More information about the Ale mailing list