On Friday 31 March 2006 9:05 pm, David Bell wrote:
> On Friday 31 March 2006 19:47, Neil Williams wrote:
> > On Friday 31 March 2006 11:06 am, David Bell wrote:
> > > Speaking purely as a Debian Sarge home desktop user, sitting behind a
> > > router and IPCop box, is it a significant security risk to permit root
> > > to log-in to the KDE Desktop?
> >
> > There is nothing you can do with a root login that you cannot do from a
> > user login with su and/or sudo.
>
> Agreed, but it doesn't answer my original question. Is there a *security*
> risk using Root logins, for purely administering the system, versus su/sudo
> as a user. Discounting the tales of woe about idiots who browse/email etc.
> or bumble fingers that delete files etc.; whilst logged in as Root.

Yes. Simon partially answered that part of the question. An exploit in a programme executing as root can allow a security breach with root level permissions.

Developers of packages that can be routinely expected to be run as root (base level utils, CLI text editors etc.) therefore take precautions to avoid certain code flaws that may expose a vulnerability later on etc. Developers of the rest of the packages in the archive will do some of these tests just out of good practice and to avoid/fix bugs that cause the package to fail on certain platforms.

This difference in expected usage therefore leads to a LARGE difference at the source code level and a relatively higher risk of vulnerabilities in programmes that most developers would consider as "user-level-only". Typically, most GUI programmes would be categorised as user-level only: web browsers, email clients - anything that a system administrator would not be expected to routinely use as the root user.

Writing code to prevent or avoid these problems is a LOT of extra effort - another way of saying that security is the opposite of convenience.

The end result is that programmes that developers would expect to be only executed with ordinary user level permissions are at an inherently higher risk of vulnerabilities. This is acceptable because such vulnerabilities are unknown at the time of development and can be very difficult to solve or prevent. Running such programmes as the root user is simply asking for trouble.

IF a vulnerability or programming error shows up, the consequences are always MUCH more serious when the bug is in a programme running as root.

Free software is good but it is far from bug free. Crashes do happen, vulnerabilities do exist and it is reckless in the extreme to believe that you are immune to catastrophe.

> > In all cases, the user account is preferable because you really shouldn't
> > be using web browsers and email clients as root. (When you're trying to
> > fix problems on a box by being root, you can't tell me you aren't going
> > to want to browse Google or check for answers via email.)
>
> An assumption that a person will invoke sod's law. Being a GUI sort of
> person there ain't any browsers or email icons on the Root desktop to tempt
> me :~)

That's a hint.

:-)

IMHO there should be no such thing as a root desktop. It's an oxymoron.

As a developer of user-level-only programmes, I can assure you that anyone who ever executes such programmes as the root user deserves everything they get. I will not be held responsible for the consequences of running any of my code as the root user! You have been warned! It is not a scenario that has been even remotely considered during development, it is not a usage that has any benefit in operation. There are NO circumstances that would ever require the use of this code by the root user.

IMNSHO anyone who runs user-level-only packages as the root user does not *deserve* root access in the first place.

--
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/