Date:      Thu, 4 Oct 2001 07:56:40 +0000 (GMT)
From:      Kris Kirby <kris@catonic.net>
To:        <freebsd-chat@freebsd.org>
Subject:   Fortune Candidate (Was: [nlug] Re: Being Root in X....was Re: dog cussing mandrake 8.1)
Message-ID:  <Pine.BSF.4.33.0110040754540.85009-100000@spaz.catonic.net>


See below: "Think of all the nasty things you could do to yourself if you
had a split personality that didn't like you" <- that's the candidate.

-----
Kris Kirby, KE4AHR          | TGIFreeBSD... 'Nuff said.
<kris@nospam.catonic.net>   |
-------------------------------------------------------
"Fate, it seems, is not without a sense of irony."

---------- Forwarded message ----------
Date: Thu, 4 Oct 2001 00:56:00 -0500
From: Rick Bradley <roundeye@roundeye.net>
Reply-To: nlug@linuxlists.org
To: NLUG ListServ <nlug@linuxlists.org>
Subject: [nlug] Re: Being Root in X....was Re: dog cussing mandrake 8.1

* William Turner (wjturner@home.com) [011004 00:30]:
> Just exactly what are the "bad things" that are supposed to happen?

I'm presuming you're asking this to get some responses into the
archives and not because you actually think there's nothing wrong with
treating the root account as a normal user account.

Here are some possibilities for ya:

0 - scenario: someone walks up, clicks "terminal" on the pretty start
bar, and then types rm -rf /

1 - scenario: you drag /bin (or equivalent) to the trashcan (or
equivalent) and hose your system -- this actually happened at
Ascend^WLucent -- a friend of mine had to come in and clean up; Sun
450 running CDE but the principle's the same.  Of course the
WinNT-advocating bonehead didn't even get fired or shot in public.

2 - you open yourself up to any number of now-deadly stupid symlink
vulnerabilities, now-deadly buffer overflows, race conditions, etc.,
by doing this.

3 - every process you run now by default runs as root.  This is bad.
This is like running Windows -- but on a system where you have enough
rope to hang yourself and a group of your closest friends.  I.e., it's
like running Windows but it's a real operating system.

4 - scenario: someone does (at an xterm in your session):

# cat >> ~/.bash_profile
export PATH=/tmp:$PATH
^D

N - You are running as root.  Principle of least privilege is not an
arbitrary doctrine if you want to maintain availability, security,
integrity, etc.  More evidence that running as root is bad: try
running perldoc perlfunc as root.  You can't.  There are plenty of
good reasons for this.

Some of the problems have to do with physical security.  While
physical security is always the foundation for broader security (i.e.,
you could argue "well someone could just boot with their own floppy if
they want to screw my system" -- which is only as true as you make it;
it took me 45 minutes to begin loading media when I upgraded my
firewall last weekend because my firewall has no external drives, no
compiler, a password-protected BIOS (to which I'd forgotten the
password and none of the backdoors worked and the motherboard docs
were lost 5 years ago (I figured out which jumper did the trick
though)), and no network downloading tools of any sort, and I didn't
even own a working floppy drive) there's no point in making it
*easier* for someone to hose your system/network (or worse things than
breaking your system...).  When someone gains root access to your
system they have the capability in almost every case (other than
probably sending gpg-encrypted emails or other passphrase-controlled
public key operations -- and that's only temporary with a cracker or a
key sniffer and access to your key files) of *being* you for all
practical purposes.  Think about the really nasty things you could do
to yourself if you had a split personality that really hated you...

The other problems are mostly issues of availability -- you're
basically very likely to ruin things and cause downtime, loss of data,
and the like.  This is really where the bulk of the "don't run
everything as root" mentality comes from -- people who've been burned
bad this way don't tend to get burned again, and also make sure that
people know how bad an idea it is to run everything as root.  A
misplaced typo or thinko (kill, rm, etc.) causes a lot more damage
running as root.

Security-wise there are plenty of problems as well -- escalation of
privileges isn't tough when you're already escalated.  Stupid little
race conditions and buffer overflows in mail readers, window managers,
etc., suddenly become root compromises.  You're almost guaranteed to
be network connected and since my email address is now on your machine
when you get compromised I become a potential target -- however small
the probability it's now higher that someone starts attacking me
because you ran X as root.  And if that happens then more bad shit
starts happening.

:-)

Rick
-- 
 Mostly useless pseudo-random number: 239
 Rick Bradley - http://xns.org/=rick@eastcore.net  (75 F)
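Scenario 4 above only works because the login shell of a root session will happily search a directory anyone can write to. The following POSIX sh audit is an added example, not code from either poster: it flags PATH entries that are empty, relative or world-writable, and scans a profile file for PATH assignments that introduce such entries. The function names, the sample profile and the temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original thread. Audits a PATH value, and the
# PATH assignments in a shell profile, for entries any user could write to; the
# forwarded message's "export PATH=/tmp:$PATH" scenario depends on such an entry.

# path_risk "dir1:dir2:..." -> prints each risky entry; returns 1 if any, else 0
path_risk() {
    _rc=0
    _rest="$1:"                             # trailing ':' lets the loop see every entry
    while [ -n "$_rest" ]; do
        _d=${_rest%%:*}; _rest=${_rest#*:}
        case "$_d" in
            "") echo "risky: empty entry (resolves to the current directory)"; _rc=1; continue ;;
            /*) ;;
            *)  echo "risky: relative entry '$_d'"; _rc=1; continue ;;
        esac
        [ -d "$_d" ] || continue            # a missing directory cannot hold a planted binary
        _mode=$(ls -ld "$_d" | cut -c1-10)  # e.g. drwxrwxrwt for /tmp
        case "$_mode" in
            ????????w?) echo "risky: world-writable '$_d' ($_mode)"; _rc=1 ;;
            ?????w????) echo "warn: group-writable '$_d' ($_mode)" ;;
        esac
    done
    return $_rc
}

# audit_profile FILE BASE_PATH -> runs path_risk on each PATH= assignment in FILE,
# with $PATH or ${PATH} expanded to BASE_PATH (what the login shell would inherit).
# Values are split on whitespace, so an assignment followed by a comment is over-reported.
audit_profile() {
    _rc=0
    _vals=$(sed -n -E 's/^[[:space:]]*(export[[:space:]]+)?PATH=//p' "$1")
    for _v in $_vals; do
        _v=$(printf '%s' "$_v" | tr -d "\"'" \
             | sed -e "s|\\\${PATH}|$2|g" -e "s|\\\$PATH|$2|g")
        echo "checking PATH=$_v"
        path_risk "$_v" || _rc=1
    done
    return $_rc
}

# Constructed demonstration: a world-writable directory prepended the way scenario 4 does.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/drop"; chmod 777 "$demo_dir/drop"
printf 'export PATH=%s:$PATH\n' "$demo_dir/drop" > "$demo_dir/bash_profile"
audit_profile "$demo_dir/bash_profile" "/usr/bin:/bin" || echo "profile exposes this account to planted binaries"
rm -rf "$demo_dir"
```

Run it against root's own profile files (for example `audit_profile /root/.bash_profile "$PATH"`) as part of a periodic check; a hit means a command typed in that root session may resolve to whatever an unprivileged user dropped into the flagged directory.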