Re: [LUG] Advice - Root Log-in

 

On Friday 31 March 2006 10:18 pm, Neil Williams wrote:
> Developers of packages that can be routinely expected to be run as root
> (base level utils, CLI text editors etc.) therefore take precautions to
> avoid certain code flaws that may expose a vulnerability later on etc.
> Developers of the rest of the packages in the archive will do some of these
> tests just out of good practice and to avoid/fix bugs that cause the
> package to fail on certain platforms. This difference in expected usage
> therefore leads to a LARGE difference at the source code level and a
> relatively higher risk of vulnerabilities in programmes that most
> developers would consider as "user-level-only". Typically, most GUI 
> programmes would be categorised as user-level only: web browsers, email 
> clients - anything that a system administrator would not be expected to 
> routinely use as the root user. 

Incidentally, this explains an element of Windows security problems, certainly 
during the life of Win9x which is the last Win platform that I studied in any 
depth. So far, I have seen no evidence that the principle has changed in XP.

Internet Explorer is just a wrapper of Windows Explorer which in turn is 
tightly bound into low level system calls that, in the GNU world, would 
require root level permissions. What Windows developers call integration, GNU 
developers call inbuilt vulnerability.

In the GNU world, it is accepted that writing a user-level programme, like a 
web browser, is an inherently different task to writing the kernel. They are 
different packages, different models and have completely separate memory 
space. Konqueror may be able to browse the web and the local filesystem 
without a join but it still runs only as a user. Microsoft seem to abandon 
this principle in the name of integration when in reality all that it does is 
expose root-level vulnerabilities in user-level code.

A bug in IE can allow malware to tunnel straight down to root (or admin in 
Win-speak) privileged code and therefore undermines any security implemented 
elsewhere in the system.

Imagine a bank that has a security guard on the front door and a tunnel in the 
street that leads straight into the vault.

GNU/Linux may have similar tunnels from time to time but they only lead into 
the main lobby, not the vault. Logging into a GUI desktop as root redirects 
ALL those tunnels directly into the vault. At a stroke you undo ALL the 
security inherent in the GNU/Unix permissions model. It's absolute madness.

-- 

Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
