David Bell wrote:

> Assuming that root <me> is acting responsibly, what are the security risks?

Assuming you mean by security keeping the system available and functioning, without losing data.....

1) Accident (you) -- you can accidentally render the machine inoperable. "rm -rf *" is the old chestnut, but GUIs make it far easier (well, ones that don't stop every 2 files to say someone else is reading that file, so I can't delete it).

1a) Note root has access to the system in ways ordinary users can't dream of. Look at the permissions on your root partition's device file. Root can mess up by writing to this file; ordinary users can't.

$ ls -l /dev/sda1
brw-rw---- 1 root disk 8, 1 2006-02-15 15:27 /dev/sda1

You might think you are unlikely to mess up doing this. But say how often you might write something to, say, a floppy (or USB), which have similar file names, and are probably only a click away. Debian avoids this by creating different groups for the different types of access.

$ ls -l /dev/fd0
brw-rw---- 1 root floppy 2, 0 2006-02-15 15:27 /dev/fd0

Outside of the filesystem, you can accidentally kill the wrong process.

2) Accident (programmer) -- programs, especially GUIs, are generally used in a non-root environment. Sometimes programs or system calls behave differently for root. A curious example I stumbled across recently is the Debian "cu" program, which doesn't work for root, because it still has the setuid, setgid calls from its Red Hat heritage, and thus root doesn't have permission to access the modem after the setuid takes place. Clearly a bug, obscure, that only affects root users on Debian.

3) Theoretically, running as root makes exploits easier, in that malware can find other executables to infect. In the GNU/Linux world this isn't common because most people know not to run as root, so little such malware exists. Practically this is a limited issue, as the malware doesn't exist, and that which does doesn't expect to find itself with root privileges.

Of course if a lot of people run their desktop as root, like say Windows XP Home (or earlier versions of Windows, and other OSes that existed for isolated cheap desktops), you quickly discover that the world is full of malware, and retrofitting security is difficult (read impossible) as application developers all assumed they had root privilege.

4) On systems with many users, a proper user model prevents one user's mistakes affecting the other users (or limits the damage to deliberately shared files).

That said, I'm a system administrator, I spend a lot of my day as root, or with root level privileges, and I don't make many significant typos. However I don't run GUIs on any of those boxes as root, it is all command line driven, and all day to day desktop work (email, browsing) is done as an ordinary user. I've occasionally been known to run lynx (for downloads), perldoc, and reportbug as root; I feel suitably guilty, and lazy, although I don't think the risks from these are that huge.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html
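The point 1a makes about device-node groups can be made concrete by modelling the Unix permission check over `ls -l` output. The following is an added example, not code from the post's author or from Debian: it parses device lines in the format quoted above (the two real lines from the post plus a constructed world-writable `/dev/null` line for contrast), applies the classic owner/group/other check with uid 0 bypassing it, and reports which nodes a desktop session could write to only because it runs as root. The account "dave" with uid 1000 and membership of the `floppy` group is an assumed sample user.

```python
"""Model the per-group device access the post describes.

Added example (not the post's own code): parse ``ls -l`` lines for
device nodes and apply the classic Unix discretionary access check
(owner, then group, then other; uid 0 bypasses the check entirely,
as root does). ACLs and capabilities are deliberately out of scope.
"""
from typing import FrozenSet, List, NamedTuple


class DevEntry(NamedTuple):
    path: str
    owner: str
    group: str
    perms: str  # nine permission characters, e.g. "rw-rw----"


# Constructed sample: the two lines quoted in the post plus one
# world-writable node (/dev/null) for contrast; the /dev/null line is made up.
LS_OUTPUT = """\
brw-rw---- 1 root disk 8, 1 2006-02-15 15:27 /dev/sda1
brw-rw---- 1 root floppy 2, 0 2006-02-15 15:27 /dev/fd0
crw-rw-rw- 1 root root 1, 3 2006-02-15 15:27 /dev/null
"""


def parse_ls(text: str) -> List[DevEntry]:
    """Parse ``ls -l`` output. Device lines carry 'major, minor' instead of
    a size, so split on whitespace and take the path from the last field."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0][0] not in "bc":
            continue  # skip anything that is not a block/char device line
        mode = parts[0]
        entries.append(DevEntry(path=parts[-1], owner=parts[2],
                                group=parts[3], perms=mode[1:10]))
    return entries


def can_write(entry: DevEntry, user: str, groups: FrozenSet[str], uid: int) -> bool:
    """Classic DAC rule: the first matching class (owner, then group) decides;
    root (uid 0) is never subject to the check at all."""
    if uid == 0:
        return True
    if user == entry.owner:
        return entry.perms[1] == "w"
    if entry.group in groups:
        return entry.perms[4] == "w"
    return entry.perms[7] == "w"


def writable_devices(ls_text: str, user: str, groups: FrozenSet[str], uid: int) -> List[str]:
    """Paths the given identity may write, in sorted order."""
    return sorted(e.path for e in parse_ls(ls_text)
                  if can_write(e, user, groups, uid))


def root_only_exposure(ls_text: str, user: str, groups: FrozenSet[str]) -> List[str]:
    """Devices a session could clobber *only* because it runs as root:
    the gap between root's view and the ordinary user's view (uid 1000 assumed)."""
    as_root = set(writable_devices(ls_text, "root", frozenset({"root"}), 0))
    as_user = set(writable_devices(ls_text, user, groups, 1000))
    return sorted(as_root - as_user)


if __name__ == "__main__":
    user, groups = "dave", frozenset({"dave", "floppy"})  # constructed account
    print("writable as dave:", writable_devices(LS_OUTPUT, user, groups, 1000))
    print("extra as root   :", root_only_exposure(LS_OUTPUT, user, groups))
```

Feeding it the output of `ls -l /dev/sd* /dev/fd*` from a real Debian box, together with the groups from `id -Gn`, shows the same split the post describes: a user in `floppy` but not `disk` can reach the removable media but not the root partition, while root reaches both and the group model gives it nothing to stop at.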