Should root have his/her hands tied?


bvc

Poll: should root have his/her hand tied?  

30 members have voted

  1. Poll: should root have his/her hand tied?

    • yes, serious security risk should be kept from root: 5
    • no, root should be able to do anything, else root is not root: 25



with that i pose this question: in the real world (not in an idealistic internet society) is it not our own personal data which is our primary (and possibly only) concern?....

 

....And you can't deny that doing an rm -rf / accidentally can be, for joe blow, a rather large hassle

maybe yours but it's not a concern of mine

once while moving a /usr partition I had a /usr/usr I wanted to remove. I was in /usr and should have rm -fR usr but instead did rm -fR /usr

Live and learn, eh, no biggy....reinstall

That's for each individual to learn the hard way...the only way to learn sometimes for some people. To take that command from root, to protect root, is insane and takes the power out of linux's cli.

 

This is simply a simple step towards preventing people hurting themselves without flicking off the safety.
what makes you think anyone has that authority? Read my SIG

 

I think not, I think you need to find another OS. Let those with suicidal tendencies (in an IT sense) flock to Arthux... you could advertise it as 'the insecure OS' and offer prizes for people who run it without being hacked...

 

Watch em flock!

again, you steer the thread OT. I ask that "running as root" all the time...logging in ...whatever not be discussed because

1. it is an old argument

2. no facts have ever been provided to back the philosophy to begin with

 

Fact last year I repaired 20+ PC's of people with viri, malware and spyware.

Fact my father who is an infrequent user had a PC riddled with malware .. he's a pretty low risk user except for knowledge. His online time is largely spent at medical sites etc. and given the medication he's on porn sites would be superfluous.

you didn't read phitus's post did you?

these were win machines, correct?

uhhu

 

You have 3 choices:

1) Use it

2) Don't use it

3) edit the source.

 

If you can't/won't do three (and how hard can this be) then you have very little understanding of computers, it's not rocket science!

1. already said I never have

2. see #1

3. try reading my post

it is rocket science for the new windows convert that wants eyecandy

if you think I have any prob compiling, I can't imagine why you'd think that

 

The point is *nix is designed like this... if people wanna abuse it fine but don't bitch when it doesn't work the way you want it to.

 

..Linux is designed to have users and root. Root isn't a user, it's an admin account. People write progs assuming people are using a normal account.

regardless of how it was designed, it is not what made it what it is. Have you looked at the votes lately? People shouldn't assume that people do not run as root when developing an app.

 

You missed: Place these in order of security

a firewalled windows box

a firewalled linux box

a firewalled linux box running as root

a firewalled linux box with security well set up

again, no facts have ever been produced to prove a firewalled linux box running as root is less secure than as a user

 

However taking comments from yourself and arthur if I were interviewing you for a job you wouldn't get past 1st post.
we are not....we are talking of home machines. I'm sure they would behave differently in a corp setting just as I would. because "If you did this in your job you wouldn't have a job any longer... "

 

so why did you even bother posting all that :rolleyes:

 

I'm completely serious here....consider it because this attitude makes you unemployable in any serious *nix admin position.
but we are at home now so...????

 

cybr, whose line of thinking?

Edited by bvc
I agree with the developers, don't allow root to run gui programs like gdesklets or p2p software.

 

/me doesn't even allow root to login to X so it wont hurt me.

 

I think if the masses want to flock to Linux then they should learn to use it the way *nix was intended with root accounts.

Yes, the X server runs as root, but that doesn't mean you can't stop root from logging into X. Stop being a term meaning you can set it to not let root do it, but if you have root access and know you can edit kdm/gdm/xdm/blah then you could change it back. By default I believe you will see distros moving to that, if it was up to me anyways :D (not all distros, just the smart ones) :lol2:

(quote=tymark) with that i pose this question: in the real world (not in an idealistic internet society) is it not our own personal data which is our primary (and possibly only) concern?....

 

....And you can't deny that doing an rm -rf / accidentally can be, for joe blow, a rather large hassle (/quote)

 

maybe yours but it's not a concern of mine

once while moving a /usr partition I had a /usr/usr I wanted to remove. I was in /usr and should have rm -fR usr but instead did rm -fR /usr

Live and learn, eh, no biggy....reinstall

That's for each individual to learn the hard way...the only way to learn sometimes for some people. To take that command from root, to protect root, is insane and takes the power out of linux's cli.

Most people can't reinstall either windows or linux. This is a sad but true fact and one you are forgetting. Jo blo buys books like office for dummies and then smiles in wonder as File Open opens the fileopen common dialog!

I personally don't understand how people can't see the obvious... but the fact remains most can't.

 

(quote=Gowator) This is simply a simple step towards preventing people hurting themselves without flicking off the safety. (/quote)

 

what makes you think anyone has that authority? Read my SIG

The people writing the programs have whatever authority they want... ultimately don't use it (or write themes for it) if you disagree ... what authority do you have to tell them how to write their programme?

 

Your argument lacks any substance because this is pissing you off. I don't completely disagree with your principle but you are not seeing the other side. If you were writing a windows script and you found it annoying that your format C: had no override you'd be pissed the same. "Who are they to force me to answer am I sure Y/N? "

 

(quote) I think not, I think you need to find another OS. Let those with suicidal tendencies (in an IT sense) flock to Arthux... you could advertise it as 'the insecure OS' and offer prizes for people who run it without being hacked...

 

Watch em flock! (/quote)

 

again, you steer the thread OT. I ask that "running as root" all the time...logging in ...whatever not be discussed because

1. it is an old argument

2. no facts have ever been provided to back the philosophy to begin with

 

(quote=Gowator) Fact last year I repaired 20+ PC's of people with viri, malware and spyware.

Fact my father who is an infrequent user had a PC riddled with malware .. he's a pretty low risk user except for knowledge. His online time is largely spent at medical sites etc. and given the medication he's on porn sites would be superfluous. (/quote)

 

you didn't read phitus's post did you?

these were win machines, correct?

uhhu

..yes of course but so what!

10 years ago you could be connected without even thinking of an antivirus... did they even exist? 5 yrs ago they were common and today they are ubiquitous.

 

Your reasoning says I learned this from scratch so everyone can....

It isn't up to you to make that decision for them.... some people like my Dad only want a computer to check certain medical sites or hobby sites and the computer is just an infrequently used tool for them. They don't want to have to learn ... others just aren't capable.

 

(quote=Gowator) You have 3 choices:

1) Use it

2) Don't use it

3) edit the source.

 

If you can't/won't do three (and how hard can this be) then you have very little understanding of computers, it's not rocket science! (/quote)

 

1. already said I never have

2. see #1

3. try reading my post

it is rocket science for the new windows convert that wants eyecandy

if you think I have any prob compiling, I can't imagine why you'd think that

I don't think YOU have any problem compiling nor do I think _you_ have a big problem configuring a firewall etc. that is the exact point I'm making.

You quote 5yrs ago I started using windows with no anti-virus .... but you don't acknowledge the difference in today's internet and that 5 yrs ago or 10!

The point is those who do have problems compiling will also have problems making windows safe or discovering the hard way what rm -rf does!

 

(quote) The point is *nix is designed like this... if people wanna abuse it fine but don't bitch when it doesn't work the way you want it to.

 

..Linux is designed to have users and root. Root isn't a user, it's an admin account. People write progs assuming people are using a normal account. (/quote)

 

regardless of how it was designed, it is not what made it what it is. Have you looked at the votes lately? People shouldn't assume that people do not run as root when developing an app.

Nope I'm not interested in the votes....

Everyone who has commented and I know is an IT professional has voted either against or abstained to vote... many of those who voted for are under 18 (although very knowledgeable all the same)... their outlook is slightly different to someone with tax deadlines etc.

 

(quote=Gowator) You missed: Place these in order of security

a firewalled windows box

a firewalled linux box

a firewalled linux box running as root

a firewalled linux box with security well set up (/quote)

 

again, no facts have ever been produced to prove a firewalled linux box running as root is less secure than as a user

Anon has already covered that....

I suppose you run apache as root too.

Let me explain this the easy way....

Apache is running as root...

someone uses a cgi-script and alters it to rm -rf / (for example)

 

root owns the process and can carry out the command....

 

alternative apache runs as apache or www whatever....

At the most it can delete /var/html

even then the file protection will protect ro files... not so with root!

 

Now the simple case... you are running mozilla/whatever browser as root and the js process instead of browsing your files deletes them... modifies them, searches them for acct details and sends em to someone. (How do you think an upload files dialog works?) It can only see what the user of mozilla can see and only delete what the owner of mozilla can see.

 

(quote=Gowator) However taking comments from yourself and arthur if I were interviewing you for a job you wouldn't get past 1st post. (/quote)

 

we are not....we are talking of home machines. I'm sure they would behave differently in a corp setting just as I would. because "If you did this in your job you wouldn't have a job any longer... "

 

so why did you even bother posting all that :rolleyes:

It's my experience that people use computers the same at home and work, especially IT professionals. Check cybrjackle's post on what he allows himself at home...

Neither does this protect you legally....

It's a murky area but what if I use your PC for relaying spam or I upload my porn collection to it to save me being prosecuted. I can hide it loads of places as root but as your user I'm restricted to your home directory and any specifically open areas, not some obscure /var/cache/porn that a noobie might never see.

I can't control your sendmail user as you.. but I can as root.. etc. etc. etc.

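The point argued in the post above (what a hijacked process can touch depends on the account that owns it) as an added example that is not part of the original thread: a small Python model of the classic Unix owner/group/other write check, run over a constructed file table. The uids, gids and most paths are invented for illustration; only /var/html comes from the post.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    uid: int   # owning user
    gid: int   # owning group
    mode: int  # permission bits, e.g. 0o644


def may_write(entry, uid, gids):
    """Classic Unix DAC write check for a process with this uid and groups.

    Simplified on purpose: it looks only at the write bit of the file itself.
    Deleting a name is governed by the containing directory, and ACLs,
    capabilities and MAC policies (SELinux, AppArmor) are not modelled.
    """
    if uid == 0:                      # root bypasses the permission bits
        return True
    if uid == entry.uid:              # owner class applies, and only that class
        return bool(entry.mode & stat.S_IWUSR)
    if entry.gid in gids:             # otherwise the group class
        return bool(entry.mode & stat.S_IWGRP)
    return bool(entry.mode & stat.S_IWOTH)


def blast_radius(table, uid, gids=frozenset()):
    """Paths a compromised process running as `uid` could modify."""
    return sorted(e.path for e in table if may_write(e, uid, gids))


# Constructed sample data: uids/gids and file names are assumptions.
ROOT, WWW, ALICE = 0, 33, 1000
TABLE = [
    Entry("/etc/shadow", ROOT, 42, 0o640),
    Entry("/usr/bin/ls", ROOT, 0, 0o755),
    Entry("/var/html/index.html", WWW, 33, 0o644),
    Entry("/var/html/static/logo.png", WWW, 33, 0o444),  # read-only, even to owner
    Entry("/home/alice/taxes.ods", ALICE, 1000, 0o600),
    Entry("/tmp/scratch", ALICE, 1000, 0o666),           # world-writable
]

if __name__ == "__main__":
    for name, uid, gids in (("root", ROOT, {0}),
                            ("www", WWW, {33}),
                            ("alice", ALICE, {1000})):
        print(f"{name:5} can modify:", blast_radius(TABLE, uid, gids))
```

The same web server or browser bug reaches every file in the table when the process is root, but only the service's own writable files (plus anything world-writable) when it runs as a dedicated account.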

4 years ago....and still today....xp, 98se, 98se = no antivirus

 

not interested in the votes? you must be a gdesklet developer :lol2:

you have no idea who and how old people are that voted and it's completely irrelevant. IT pro's ? hehe ...who might that be? :lol2: not here on this forum, and definitely not in this thread ;) wanna make it personal? that's a no no

 

apache? hmmm doesn't belong here either

 

mozilla? k....so what....

reinstall

I didn't forget about that aspect. If someone can't install, they shouldn't have a computer ;) can't maintain it...shouldn't have it.....can't fix it...shouldn't have it.

 

cybr does what he does for good reason. working towards a goal he sets himself up as if it was the corp net he wishes to admin. Again, no place here.

Edited by bvc

4 years ago....and still today....xp, 98se, 98se = no antivirus

whoo hoo but don't moan if you do ...

 

not interested in the votes? you must be a gdesklet developer :lol2:

Very genuinely funny :D

 

you have no idea who and how old people are that voted and it's completely irrelevant.

Of course Iphitus might be lying and a13x and arthur too...?? (OK Arthur is 18 I think) but.... the reason it's relevant is if you use the PC for games only fine... if you have your bank details and all your correspondence, tax forms etc. then it's a different matter.

 

IT pro's ? hehe ...who might that be? :lol2: not here on this forum, and definitely not in this thread ;) wanna make it personal? that's a no no

Erm people who work at IT... me, cybrjackle for instance.

 

apache? hmmm doesn't belong here either

?? So running your mail server/web server/please_hack_me app as root doesn't make a difference? I simply used this as an example to show how running as root is a security problem.. however your answer as normal is

mozilla? k....so what....

So the fact if you run mozilla/opera etc as root your whole PC can be deleted doesn't strike you as a security problem?

 

reinstall

I didn't forget about that aspect. If someone can't install, they shouldn't have a computer ;) can't maintain it...shouldn't have it.....can't fix it...shouldn't have it.

Once again who are you to tell them that?

Can you fix the EMS on your car? Can you design a motherboard or write a bios?

But you use it everyday... Can you fix a jet engine ? but you fly?

cybr does what he does for good reason. working towards a goal he sets himself up as if it was the corp net he wishes to admin. Again, no place here.

Exactly my point....

Guess what, I do the same ....

 

If my system at home didn't work perfectly I wouldn't be so confident telling the idiots at work that their environment is pathetic and I can design a better environment in a day. I used to run the whole NW when i worked in a subsidiary, now i advise... but I still keep my home network clean.


if you have your bank details and all your correspondence, tax forms etc. then it's a different matter.
shouldn't do that..that's a security risk

 

Erm people who work at IT... me, cybrjackle for instance.
I'm sure there are some that are what would be considered IT, but I've yet to see any. I know a lot more than I let on...and I don't claim such. I used to do what cybr does now. It's not a fun job for sure.
?? So running your mail server/web server/please_hack_me app as root doesn't make a difference? I simply used this as an example to show how running as root is a security problem..
...on a network....no place here, we need not that example, we all know that.

 

So the fact if you run mozilla/opera etc as root your whole PC can be deleted doesn't strike you as a security problem?
of course not. it is the risk root takes by choice, and it is root's choice to make

 

Can you fix the EMS on your car?
yes
Can you design a motherboard or write a bios?
diff world
Can you fix a jet engine ?
diff world

no place here

 

Exactly my point....

Guess what, I do the same ....

and what does this have to do with the topic at hand? again...corp network has no place in this discussion

I admit it, I'm an IT pro :banana:

 

I really don't see why this has to go any further than that's what the developers want, that is how it is, if you don't like their way of doing something on an open source project, grab the source and edit it. It is really that simple and I don't understand why this thread is going on and on about irrelevant off topic stuff.. :deal:

 

A shirt from Red Hat describes it best!

 

It's that simple. :jester:


cybr you have completely missed the point

I could care less about gdesklet and gtkgnutella

 

I thought I made it perfectly clear but obviously not :rolleyes:

 

:lol2: No I got the point,

should root have his/her hand tied?

 

No, and they don't, you can edit the source on your box if you have root access to install the newly edited source file from said examples.

:beer:
