[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

Jim Popovitch jimpop at yahoo.com
Thu May 19 17:34:38 EDT 2005


On Thu, 2005-05-19 at 16:57 -0400, Jonathan Rickman wrote:
>
> Ok, let's see if I can put this to rest before some folks, who are
> otherwise a valuable source of knowledge, wear out their welcome in an
> effort to argue for the sake of argument...
> 
> Clueless User A runs as a normal user. Hypothetical malicious code
> designed to delete everything the user has permission to delete is run
> for some imaginary reason. Clueless User's home directory is
> destroyed. They still have a functioning system and can restore from
> backup if they have it.
> 
> Clueless User B runs as a superuser. Hypothetical malicious code
> designed to delete everything the user has permission to delete is run
> for some imaginary reason. Clueless User's entire file system is
> destroyed. The user no longer has a functioning system and must
> reinstall (not the easiest thing for a truly clueless user) and then
> restore from backup if they have it.
> 
> In the scenario involving Clueless User B, more damage was done.

That is false, and you just showed me that you don't really use your
Linux PC for anything important.  How often do you back up?  Do you do
any work in between backups?  What about the hour you take for lunch and
aren't around, did you do a backup before you left for lunch?  Your
assumption that nothing important changes between backups is a flawed
one, and one that is very telling of how you use (or don't use) Linux.

> Therefore, running as root was demonstrably less safe than running as
> a normal user. In either scenario, the user data is destroyed. I agree
> with you that the user data is more valuable than the system files.

And that has been my sole argument all along.

> But running as root does not magically protect the user files at the
> expense of the system files. The user data is gone either way.

Yep.

> Ignoring the system files at this point is tantamount to having the
> ability to put out a fire in one room of the house and simply ignoring
> and allowing it to spread to the whole house because your most
> valuable possessions were in the room where the fire started. 

Bad analogy.  Loss of system files (the rest of the "house") is easily
remedied by reinstalling the base OS (note: not /home).

> I don't
> think there's much room for a reasoned argument here, so I hope you
> will drop the issue and accept the fact that those of us who suggest
> that it is better to run as an unprivileged user are correct. Drew is
> free to do as he desires and live with the potential consequences. I
> would say that you are free to do the same, but I'm guessing that,
> being fairly knowledgeable you do not make a habit of running as root.

Correct, I presently do not.

> That is what is so perplexing about your insistence on pursuing the
> argument.

Because I frequently test/install new OSes (was running RHEL WS4 a
month or two ago) and the next time I do I am going to add user jimpop
and set UID to 0.  No credible evidence has been presented to show that
doing this is any more harmless than not.

-Jim P.





