[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

Jim Popovitch jimpop at yahoo.com
Thu May 19 16:15:03 EDT 2005


Michael,

Please put me in your killfile.

Thx,

-Jim P.

On Thu, 2005-05-19 at 15:14 -0400, Michael B. Trausch wrote:
> Jim Popovitch wrote:
> > 
> > Listen folks, the issue of total resiliency is not what this RUN-AS-ROOT
> > discussion is/was about.  A car could come through the wall and destroy
> > the computer.  Lighting could strike the powerline, hail could melt and
> > flood, the dog could chew..., the kid could put cheese in...., the mad
> > wife could pour bleach, etc., etc., etc.,  yada yada yada.
> > 
> > What hasn't been shown is how running as non-root prevents the permanent
> > LOSS OF DATA (the real value on a Desktop/laptop) any more so than
> > running as root.  
> > 
> > Re-flashing the BIOS is minor to rebuilding past work.
> > 
> 
> Riiiight.  Have an end user say that.  Smarter end users actually use
> CD-RW and DVD +/- RW drives for something called "backing up their data."
> 
> Why?  They're used to losing it all the time to their operating system.
>  Granted, this happens a little bit less since the widespread acceptance
> (read: "push") of NTFS into the user market, however, it still happens.
>  In-place reinstalls aren't perfect.  Things break, things fail.  And
> the whole issue is that much of the problems that plague those systems
> would be preventable if they weren't running as a god-like user all of
> the time.
> 
> A regular user can't write to the operating system's protected areas, or
> kill off utilities that are used by the system, or any of that type of
> crap.  If people in general ran as regular users, they wouldn't need to
> lose their stuff all of the time.  They might be forced to lose it when
> the hard disk drive dies or something like that, but not becuase of a
> vulnerability that they would otherwise not needed to try to work around
> becuase they were running as a regular user.  You want to make the
> entire argument about data, well there you go.  There are reasons that
> running as root can help to demolish your data, and yet again, you will
> overlook and ignore them, no?
> 
> 	- Mike
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale



More information about the Ale mailing list