
Re: [LUG] Advice - Root Log-in


David Bell wrote:
>
> Assuming that root <me> is acting responsibly, what are the security risks?

Assuming you mean by security keeping the system available and
functioning, without losing data.....

1) Accident (you) -- you can accidentally render the machine inoperable.
"rm -rf *" is the old chestnut, but GUIs make it far easier (well ones
that don't stop every 2 files, to say someone else is reading that file,
so I can't delete it).

1a) Note root has access to the system in ways ordinary users can't
dream of. Look at the permissions on your root partition's device file. Root
can mess up by writing to this file; ordinary users can't.

$ ls -l /dev/sda1
brw-rw---- 1 root disk 8, 1 2006-02-15 15:27 /dev/sda1

You might think you are unlikely to mess up doing this. But say how
often might you write something to, say, a floppy (or USB), which have
similar file names and are probably only a click away. Debian avoids
this by creating different groups for the different types of access.

$ ls -l /dev/fd0
brw-rw---- 1 root floppy 2, 0 2006-02-15 15:27 /dev/fd0

Outside of the filesystem, you can accidentally kill the wrong process.


2) Accident (programmer) -- programs, especially GUIs, are generally used
in a non-root environment. Sometimes programs or system calls behave
differently for root.

A curious example I stumbled across recently is the Debian "cu" program,
which doesn't work for root, because it still has the setuid, setgid
calls from its Redhat heritage, and thus root doesn't have permission to
access the modem after the setuid takes place. Clearly a bug, obscure,
that only affects root users on Debian.

3) Theoretically running as root makes exploits easier, in that malware
can find other executables to infect. In the GNU/Linux world this isn't
common because most people know not to run as root, so little such
malware exists. Practically this is a limited issue, as the malware
doesn't exist, and that which does doesn't expect to find itself with
root privileges.

Of course if a lot of people run their desktop as root, like say Windows
XP Home (or earlier versions of Windows, and other OSes that existed for
isolated cheap desktops), you quickly discover that the world is full of
malware, and retrofitting security is difficult (read impossible) as
applications developers all assumed they had root privilege.


4) On systems with many users, a proper user model prevents one user's
mistakes from affecting the other users (or limits the damage to deliberately
shared files).

That said I'm a system administrator, I spend a lot of my day as root,
or with root level privileges, and I don't make many significant typos.
However I don't run GUIs on any of those boxes as root, it is all
command line driven, and all day to day desktop work (email, browsing)
is done as an ordinary user. I've occasionally been known to run lynx
(for downloads), perldoc, and reportbug as root; I feel suitably guilty,
and lazy, although I don't think the risks from these are that huge.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html
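The permission model behind points 1a and 2 above, worked through as an added example (this is not code from the post or from Debian): it parses `ls -l` lines like the two quoted in the message and applies the classic Unix discretionary access check, in which uid 0 bypasses the read/write bits entirely. That single rule is why root can clobber `/dev/sda1` while a desktop user in group `floppy` can only reach `/dev/fd0`, and why a process that starts as root but then drops to an unprivileged uid is checked as that uid. The `/dev/ttyS0` line, the `dave` and `uucp` identities and their uids/groups are constructed for the illustration.

```python
import re
import stat
from dataclasses import dataclass

# Constructed sample input: the two `ls -l` lines quoted in the post plus a
# constructed modem device line (not taken from any real system).
LS_LINES = [
    "brw-rw---- 1 root disk 8, 1 2006-02-15 15:27 /dev/sda1",
    "brw-rw---- 1 root floppy 2, 0 2006-02-15 15:27 /dev/fd0",
    "crw-rw---- 1 root dialout 4, 64 2006-02-15 15:27 /dev/ttyS0",  # constructed
]

@dataclass(frozen=True)
class Node:
    path: str
    kind: str    # file type character from ls: 'b', 'c', '-', 'd', ...
    mode: int    # permission bits as an integer, e.g. 0o660
    owner: str
    group: str

@dataclass(frozen=True)
class Identity:
    user: str
    uid: int
    groups: frozenset  # names of the groups the process is a member of

# type + 9 permission chars, link count, owner, group, anything, absolute path
LS_RE = re.compile(r"^([bcdlps-])([rwxsStT-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+.*?(/\S+)$")

def parse_ls_line(line):
    """Turn one `ls -l` line into a Node with numeric mode bits."""
    m = LS_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an ls -l line: {line!r}")
    kind, perms, owner, group, path = m.groups()
    mode = 0
    for i, ch in enumerate(perms):
        # lower-case s/t mean setuid/setgid/sticky *with* the execute bit set
        if ch in "rwxst":
            mode |= 1 << (8 - i)
    return Node(path, kind, mode, owner, group)

def dac_allows(node, ident, want):
    """Classic Unix DAC check. `want` is a mask built from the 'other' bits
    (stat.S_IROTH / S_IWOTH / S_IXOTH) used here as generic r/w/x flags.
    uid 0 skips the read/write comparison altogether; for execute it still
    needs at least one x bit on a non-directory."""
    if ident.uid == 0:
        if want & stat.S_IXOTH and node.kind != "d" and not (node.mode & 0o111):
            return False
        return True
    if ident.user == node.owner:
        bits = (node.mode >> 6) & 7
    elif node.group in ident.groups:
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    return (bits & want) == want

def writable_nodes(lines, ident):
    """Paths among the ls -l lines that `ident` is allowed to open for writing."""
    nodes = [parse_ls_line(l) for l in lines]
    return [n.path for n in nodes if dac_allows(n, ident, stat.S_IWOTH)]

# Constructed identities: root, an ordinary desktop user in 'floppy', and the
# unprivileged uid a setuid program might switch to after starting as root.
ROOT = Identity("root", 0, frozenset({"root"}))
DESKTOP_USER = Identity("dave", 1000, frozenset({"dave", "floppy"}))
DROPPED = Identity("uucp", 10, frozenset({"uucp"}))

def modem_after_privilege_drop():
    """Point 2 as a model: (root before setuid, same process after dropping
    to DROPPED). The kernel checks the current uid, so the root start is
    irrelevant once the process has switched identity."""
    modem = parse_ls_line(LS_LINES[2])
    return (dac_allows(modem, ROOT, stat.S_IWOTH),
            dac_allows(modem, DROPPED, stat.S_IWOTH))

if __name__ == "__main__":
    print("root can write:   ", writable_nodes(LS_LINES, ROOT))
    print("desktop can write:", writable_nodes(LS_LINES, DESKTOP_USER))
    print("modem before/after privilege drop:", modem_after_privilege_drop())
```

Running it shows root able to write every listed node, the desktop user limited to `/dev/fd0` by the `floppy` group, and the modem reachable before the identity switch but not after it. The group split is the whole defence for the non-root account; it does nothing for a root login.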