[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

Jonathan Rickman jrickman at gmail.com
Thu May 19 17:08:36 EDT 2005


On 5/19/05, Jim Popovitch <jimpop at yahoo.com> wrote:

> Ok, why not throw in the car argument.  How do you protect your
> desktop/laptop PC(s) from car accidents?  Let's take this thread in
> all sorts of directions.  The real issue here is that nobody can
> provide solid data that run-as-root on a desktop/laptop is bad.
> All they can do is hypothesize, describe hardware faults, and
> obfuscate the issue.  This thread has turned from a serious "why not"
> into multiple people spreading *FUD*, some presumably to probably
> pump up their own measly means of existence.


Ok, let's see if I can put this to rest before some folks, who are
otherwise a valuable source of knowledge, wear out their welcome in an
effort to argue for the sake of argument...

Clueless User A runs as a normal user. Hypothetical malicious code
designed to delete everything the user has permission to delete is run
for some imaginary reason. Clueless User's home directory is
destroyed. They still have a functioning system and can restore from
backup if they have it.

Clueless User B runs as a superuser. Hypothetical malicious code
designed to delete everything the user has permission to delete is run
for some imaginary reason. Clueless User's entire file system is
destroyed. The user no longer has a functioning system and must
reinstall (not the easiest thing for a truly clueless user) and then
restore from backup if they have it.

In the scenario involving Clueless User B, more damage was done.
Therefore, running as root was demonstrably less safe than running as
a normal user. In either scenario, the user data is destroyed. I agree
with you that the user data is more valuable than the system files.
But running as root does not magically protect the user files at the
expense of the system files. The user data is gone either way.
Ignoring the system files at this point is tantamount to having the
ability to put out a fire in one room of the house and simply ignoring
and allowing it to spread to the whole house because your most
valuable possessions were in the room where the fire started. I don't
think there's much room for a reasoned argument here, so I hope you
will drop the issue and accept the fact that those of us who suggest
that it is better to run as an unprivileged user are correct. Drew is
free to do as he desires and live with the potential consequences. I
would say that you are free to do the same, but I'm guessing that,
being fairly knowledgeable, you do not make a habit of running as root.
That is what is so perplexing about your insistence on pursuing the
argument.

--
Jonathan
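
Added example (not part of the original message): a small Python model of the User A / User B scenarios above, computing which paths a "delete everything I have permission to delete" process could remove as uid 1000 versus uid 0. The inventory, uids and paths are constructed, and only classic Unix mode bits and the sticky bit are modelled (no ACLs, MAC or immutable flags).

```python
import posixpath
import stat

# Constructed inventory: path -> (owner uid, group gid, mode). Not a real system.
FS = {
    "/":                   (0, 0, stat.S_IFDIR | 0o755),
    "/etc":                (0, 0, stat.S_IFDIR | 0o755),
    "/etc/passwd":         (0, 0, stat.S_IFREG | 0o644),
    "/bin":                (0, 0, stat.S_IFDIR | 0o755),
    "/bin/sh":             (0, 0, stat.S_IFREG | 0o755),
    "/tmp":                (0, 0, stat.S_IFDIR | 0o1777),
    "/tmp/other.lock":     (1001, 1001, stat.S_IFREG | 0o644),
    "/home":               (0, 0, stat.S_IFDIR | 0o755),
    "/home/a":             (1000, 1000, stat.S_IFDIR | 0o700),
    "/home/a/thesis.odt":  (1000, 1000, stat.S_IFREG | 0o600),
    "/home/a/ro-note.txt": (1000, 1000, stat.S_IFREG | 0o400),
}

def can_modify_dir(uid, gids, path):
    """True if uid may add/remove entries in directory `path` (needs w and x)."""
    owner, group, mode = FS[path]
    if uid == 0:
        return True  # root bypasses the permission bits
    shift = 6 if uid == owner else 3 if group in gids else 0
    return (mode >> shift) & 0o3 == 0o3

def deletable(uid, gids):
    """Paths on which unlink()/rmdir() by this identity would succeed."""
    hit = set()
    # Deepest first, so a directory is considered after its contents.
    for path in sorted(FS, key=lambda p: p.count("/"), reverse=True):
        if path == "/":
            continue
        parent = posixpath.dirname(path)
        p_owner, _, p_mode = FS[parent]
        # Deletion is decided by the parent directory, not the file's own mode.
        if not can_modify_dir(uid, gids, parent):
            continue
        # Sticky parent: only the file owner, the directory owner or root.
        if p_mode & stat.S_ISVTX and uid not in (0, FS[path][0], p_owner):
            continue
        children = [c for c in FS if c != path and posixpath.dirname(c) == path]
        if all(c in hit for c in children):  # rmdir needs an empty directory
            hit.add(path)
    return hit
```

As uid 1000 the result is limited to the two files under /home/a (including the read-only one); as uid 0 it is every path except "/" itself.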


