[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

Jim Popovitch jimpop at yahoo.com
Wed May 18 15:36:30 EDT 2005


On Wed, 2005-05-18 at 14:53 -0400, George Carless wrote:
> I'm not back-pedalling.  You made the claim that running as root was 
> perfectly safe.  It's incumbent upon you to support that claim.  

Hasn't he already?  He says he does run as root, and has been perfectly
safe for some time.  Everyone else says that is bad.  He and I say it
isn't universally bad, and no one has come forth with a reason that has
any implications that don't apply to normal users with the exceptions of
formatting a partition or "rm -rf /".  Those are two things that Drew
and I both believe are insignificant to the loss/risk of user data in a
partition/directory that the user (and any process they run) has full
and complete (including "rm -rf") capabilities.  Honestly using the
terms "users" and "root" in this discussion is ridiculous, as any user
can have a UID equal to zero, the account named "root" can be renamed to
"toor" (or whatever) and that account can have it's UID changed to >
1000.  The issue surrounds "god-like" mode, and frankly I find having
full access nice, easy, and yes still completely safe.  YMMV.

-Jim P.

> 
> And, you still think this is all about "hackers".  It's not.  It never was.

;-)  It's amazing how a thread can evolve.

> All of this nonsense about "assumptions" is a red herring.  Honestly: next 
> you'll be saying "but I could go out and buy a new machine, and restore off
> a backup, and so you it was SAFE for me to run as root!".  

I've seen many a non-root user need to replace hardware, do backups, buy
new machines, etc.  How are those items a symptom of running as root?

-Jim P.





More information about the Ale mailing list