Jump to content

Should root have his/her hands tied?


bvc
 Share

Poll: should root have his/her hand tied?  

30 members have voted

  1. 1. Poll: should root have his/her hand tied?

    • yes, serious security risk should be kept from root
      5
    • no, root should be able to do anything, else root is not root
      25


Recommended Posts

Personally, I think a lot of this has to do with an attempt to get away from the branded hippy/rebel image linux has in an attempt to be more mainstream and what the world expects. That is not what made linux what it is.

 

Mainstream? If giving up security is what it takes to become mainstream, then Linux doesn't need to go there. I did not vote on this and will not vote on this because it is a loaded question.

 

If I run as root and someone tricks me into running a malicious program, it runs with all my privileges...no hope. If, however, I'm logged in as regular user and they trick me into running it...they also have to trick me into su'ing to root first...maybe just one additional step, but a step nonetheless. If you want to run as root, that's fine. It's not safe for Joe Blow. You say it's safe, but you also say it's safe to run Windows with no antivirus. 50,000+ viruses/worms/trojans and 10s of thousands of infected machines say you're wrong.

But, like you said, this thread is not about logging in as root...it's about software developers' right to tell you you shouldn't/can't run their program as root. I think they have that right.

 

If you don't like it, write your own or edit the source code.

Edited by scoopy
Link to comment
Share on other sites

  • Replies 112
  • Created
  • Last Reply

Top Posters In This Topic

i have yet to hear a reasonable arguement on single desktops or home networks against running as root or running an app as root.

Thats because there isn't one. If your running a single desktop with no internet access you have nothing to worry about other than making your own mistakes.

And if running a home network or intranet where you feel you can truly trust everyone, great !! no problem.

But your not doing that are you? your running a computer as root which is connected to the net 24/7 .

And ( with respect ) no matter how much of a security or networking guru you are or wish to be, you are taking needless risks my friend.

name one

please

pretty please

with sugar on top :cheeky:

Link to comment
Share on other sites

Personally, I think a lot of this has to do with an attempt to get away from the branded hippy/rebel image linux has in an attempt to be more mainstream and what the world expects. That is not what made linux what it is.

 

Mainstream? If giving up security is what it takes to become mainstream, then Linux doesn't need to go there. I did not vote on this and will not vote on this because it is a loaded question.

 

If I run as root and someone tricks me into running a malicious program, it runs with all my privileges...no hope. If, however, I'm logged in as regular user and they trick me into running it...they also have to trick me into su'ing to root first...maybe just one additional step, but a step nonetheless. If you want to run as root, that's fine. It's not safe for Joe Blow. You say it's safe, but you also say it's safe to run Windows with no antivirus. 50,000+ viruses/worms/trojans and 10s of thousands of infected machines say you're wrong.

But, like you said, this thread is not about logging in as root...it's about software developers' right to tell you you shouldn't/can't run their program as root. I think they have that right. And to say that developers of P2P software shouldn't do it is even more moronic.

If you don't like it, write your own or edit the source code.

you got the mainstrean part backwards and did not understand what I was saying

 

I was JoeBlow when I started with linux as root....I was and am safe then and now

 

I have a lot of rights that are not right for me to do

 

as stated, those p2p clients pose no more risk than any other app or os

Edited by scoopy
Link to comment
Share on other sites

Root is root, god of the installation. It is absolute.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Oh yeah. You should never run all the time as root!! :twisted:

Link to comment
Share on other sites

name one

please

pretty please

with sugar on top :cheeky:

rm -rf /

that's not a risk

yes it is...everyone makes mistakes. mistakes are a risk. or are you perfect?

you know full well what I meant but I'll rephrase it...

name one risk that effects anyone other than the one that owns the machine

 

my data is backed up regularly so even a hack into my sys with al destroyed means nothing to me

I'll be back up and running inside an hour

Link to comment
Share on other sites

The question and topic is good, I'm not voting either because I don't want to :D

 

Should you login as root, NO

Should root have his/her hand tied. NO but, in this instance it really isn't since you could edit the source :D

 

I think this is a conspiracy of those developers trying to stop linspire users from using gdesklets. :cheesy:

 

I like secruirty stuff and I would really shy people away from doing all as root, but bvc and most of the people know the danger they are at risk of doing and that really isn't the topic I guess.

 

I have a linux box on my home network that the root account can't do diddle, I'll give them that one :banana:

Link to comment
Share on other sites

The off topic comments made in this thread (15) have been placed in a holding forum.

Please stay on topic and avoid personal attacks.

 

NOTE from scoopy: I have made further edits and move these off topic comments elsewhere for furthur review.

Edited by anon
Link to comment
Share on other sites

name one risk that effects anyone other than the one that owns the machine

with that i pose this question: in the real world (not in an idealistic internet society) is it not our own personal data which is our primary (and possibly only) concern?

 

backing up is something everyone should do, but unfortunately not many actually practice it (I admit, I don't, despite the fact I know better). And you can't deny that doing an rm -rf / accidentally can be, for joe blow, a rather large hassle - I know most windows users I deal with hate it when I tell them the best solution is a complete reinstall (this actually isn't something I want to do, but is rather the "suggested course of action" from our IT department for a variety of virus issues).

Link to comment
Share on other sites

On the side of security...

 

I dont consider running as root a security risk. If in the hands of a user with moderate experience or knowledge -- most people here.

 

Firstly, who here has had a box that has been comprimised? Out of those, who's boxes didnt have anything the hacker desired? And out of those, were you running a firewall? and out of those running a firewall, well, you're pretty unlucky.

 

Lets put this to scale. Linux, is reasonably secure by default, it would take a lot of work for someone to compromise your machine. I ran a debian box as my main box for months, no firewall at all, and I was uncompromised. I do run a firewall now ;)

 

And most people, and certainly someone like bvc would run a decent firewall.

 

Next, windows runs the same way, as an admin by default, and windows itself was not designed with security in mind and because of that is inherently insecure. A firewall on windows helps and blocks more nasties out.

 

which would be more secure, a firewalled windows box or a firewalled linux box?

 

the linux box.

 

With that in mind, the linux box would be more secure than more than 90% of the other desktop user's boxes out there.

 

So I wouldnt think security would be an issue with bvc running as root.

 

As for making the mistake of typing something like rm -rf / ..... well I learned from mistakes in the past rattling off rm -rf commands as my user and I consequently lost data.

 

Served me right for not backing up and for being careless. Now? I only use -f and -r when I have to, I use rmdir for directories and whenever I do use -f, I do so with care, I read the command over before hitting enter. And thats when im as my normal user, im even more carefull as root.

 

iphitus

Link to comment
Share on other sites

If I shouldn't be able to run things as root and that is how nix was meant to be, why did it take 20+ years to get that way for 2 small apps?

Because 20 years ago UNIX was used by professionals, today there are people coming from windows with your attitude.

 

You mightest well ask why it took X years to bring in a law against X,Y,Z when X,Y,Z have always been there... its not done until its obviously needed.

 

Surprisingly, I voted that root should be able to do anything. That is the nature of root, but I'm simply trying to explain the reasoning behind all of this, why these people have decided to hard code it. It's always been in the *nix philosophy...it's just no one has ever felt the need to explicitly implement it. These guys apparently feel that need, and it is their right to do so. (I realize I'm contradicting myself here. But understand there's a difference between my personal opinion and the philosophy - I understand both, I think).
This is exactly the point. The problem is an increasing number of windows for dummies people now using linux.

 

This is simply a simple step towards preventing people hurting themselves without flicking off the safety. This is easily illustrated:

 

well, apps that can't run as root suck, and some people would create a "uncorrupted" version - which means it can run as root - then redistribute that, then people would start flocking to it, leaving the crippled version in the dust.

I think not, I think you need to find another OS. Let those with suicidal tendencies (in an IT sense) flock to Arthux... you could advertise it as 'the insecure OS' and offer prozes for people who run it without being hacked...

 

Watch em flock!

 

I've heard many opinions but never a fact.

Fact last year I repaired 20+ PC's of people with viri, malware and spyware.

Fact my father who is an infrequent user had a PC riddled with malware .. he's a pretty low risk user except for knowledge. His online time is largely spent at medical sites etc. and given the medication he's on porn sites would be superfluous.

 

 

well they *are* freesoftware applications, so if you want to run them as root that desparately you can edit the source yourself... _THAT_ is the point of free software, not some bizarre desire to run as root.

 

Exactly the point.

Its also there right to write whatever they want and if the want to release it or not under the GPL.

 

If they want they can hard code it so that usernames cannot be obcene in thier eyes or they might write it in python and run a check to see if you have perl installed and terminate if you have? Its really up to them.

 

You have 3 choices:

1) Use it

2) Don't use it

3) edit the source.

 

If you can't/won't do three (and how hard can this be) then you have very little understanding of computers, its not rocket science!

 

Next you'll be wanting rifles fitted with a special reverse trigger so that people doing a hemmingway don't suffer the indignity of taking off their shoes!

Link to comment
Share on other sites

OK then 5) get another OS!

 

:D

 

The point is *nix is designed like this... if people wanna abuse it fine but don'6t bitch when it doesn't work the way you want it to.

 

I once had a discussion over M$ Excel. (back in v5 or so)

Sonmeone started using it as a project planning tool .. label the Columns JAN-FEB.... etc. and filling them in..

 

yep neato... and the second yr the columns got thinnger and the third year... thinner again. I was called in in yr 5 or 6...

'Why is Excel so crap?' they asked .. 'look we can hardly read it. '

 

The point being made by if that's what you want to achieve why start from there?

 

Linux is designed to have users and root. Root isn't a user its an admin account. Peopoe write progs assuming people are using a normal account.

 

I simply don't understand why anyone would want to run as root?

Is it to save typing a password if you wanna change something or what? Its like buying a big V12 car and complaining about the mpg.

 

which would be more secure, a firewalled windows box or a firewalled linux box?

 

the linux box.

You missed: Place these in order of security

a firewalled windows box

a firewalled linux box

a firewalled linux box running as root

a firewalled linux box with security well set up

 

As for making the mistake of typing something like rm -rf / ..... well I learned from mistakes in the past rattling off rm -rf commands as my user and I consequently lost data.

At the moment your biggest concern (as it should be) is getting your grades for school. When you have this out of the way and you have tax returns etc. you will realise that its not an inconvenience its a matter of life in prison or out of prison (extreme i know)

What i mean is if you loose your coursework the worse that can happen is you skip a year. (extreme) or there is a good chance the teacher might cut you slack.

 

If I loose my tax data before the deadline there is a good chance I will go to prison or at least pay a HUGE fine. If I miss by 1 second (in France) I automatically pay a 10% charge... there is NO NEGOTIATION... I could be in a plane crash in Brazil and the rest of my family killed and miss filing and I get charged. It is completely non negotiable...

 

Now in the rest of the real world we have less extreme but still important data.

 

tymark makes a god point concerning home use. Its mainly our data that's important. However our important data is pretty easy to copy (exclusing video's/movies I mean real data like letters and stuff)

 

However taking comments from yourself and arthur if I were interviewing you for a job you wouldn't get past 1st post.

 

If you did this in your job you wouldn't have a job any longer...

(depending on the machine and what it does you might get a warning)

 

Im completely serious here....consider it because this attitude makes you unemployable in any serious *nix admin position.

 

I once rebooted a huge oracle server by mistake when I forgot which host I was remotely logged into..... my sysad backed me up and it was lunchtime but I felt pretty stupid! Like he said... you won't do that again will you... just be glad it was this server and noone will have noticed!

Link to comment
Share on other sites

Here is my deal with this whole topic.

 

The developers made the code, like it or not, it's there. If you are in the "not", it is open and you can fork it and take out the line of code that makes it root only.

 

I agree with there line of thinking though :D

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share


×
×
  • Create New...