Hi,

After I made a brief comment on a mailing list that said "don't mail as
root", I got half a dozen replies asking for the reason, and I said I'll
write it down for all:

Unix/Linux are multi-user operating systems. The goal is to be able to
separate users from each other. There are only a few categories of users,
and seen from the kernel's perspective, there are only two: user and
superuser. The superuser on the system (root) has no restriction wrt what
he can do in the system, whereas other users must conform to the
(permission-) rules that the superuser configured (when in doubt, that
was the distributor).

From this perspective, it should be easy to see that using the least
privilege possible and needed for a task is most secure. Especially in
cases where a program uses data that comes from an untrusted source this
is strongly advised. How do you know that a .jpg file that you received
from your friend does indeed conform to the JPEG image compression
standards? (netscape prior to version 4.74 had a bug in the jpeg handling
code that could, if exploited by a specially crafted jpeg image, enable an
attacker to execute arbitrary machine code on the machine the netscape
browser runs on.) The majority of programs do have this property (since
you wish to have them get something done, of course). The most suitable
for the purpose of this mail are:
* mail user agents (MUAs)
* chat clients (such as IRC)
* browsers (such as netscape)
* multi media players (such as mp3 players and image viewers)

If your mail program is written in poor style, it might contain a bug that
allows an attacker to do nasty things with your machine. pine used to have
such a bug a while ago, for example. If this happens as user root, the
possible damage to your machine is not restricted in any way; if it
happens as user foo, the attacker may still have to obtain root rights to
gain complete access to the system.

Thanks,
Roman.
--
- -
| Roman Drahtmüller
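The following Python sketch is an added illustration of the two points in the mail above and is not part of Roman's post. `may_access` models the classic Unix permission rule as the kernel applies it (showing why uid 0 sits outside the permission system), and `ensure_unprivileged`/`drop_privileges` are hypothetical helpers that a mail client or image viewer could call at startup so that a parser bug does not run with root rights. The uids, gids and file modes used in `__main__` are constructed values.

```python
"""Least-privilege guard for a program that parses untrusted input (added
example; helper names are hypothetical, uids/gids/modes are constructed)."""
import os

R, W, X = 4, 2, 1  # permission bits of one rwx triplet


def privilege_class(euid):
    """The kernel's view: uid 0 is the superuser, everything else is a user."""
    return "superuser" if euid == 0 else "user"


def may_access(uid, gids, owner, group, mode, want):
    """Classic Unix discretionary access check.

    uid/gids are the process credentials, owner/group/mode describe the file
    (mode as an octal like 0o640), want is a bitmask of R, W, X.
    Root bypasses read/write checks and may execute if any x bit is set.
    Everyone else is matched against exactly one triplet: owner if the uid
    matches, else group if the file's group is among gids, else other.
    Note that an owner with mode 0o060 is denied even though the group
    triplet would have allowed access; the triplets are not OR-ed together.
    """
    if uid == 0:
        if want & X and not (mode & 0o111):
            return False
        return True
    if uid == owner:
        bits = (mode >> 6) & 0o7
    elif group in gids:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return (bits & want) == want


def running_as_root():
    """True if the current process's effective uid is 0."""
    return os.geteuid() == 0


def ensure_unprivileged():
    """Refuse to go on with effective uid 0. Returns (ok, message)."""
    euid = os.geteuid()
    if euid == 0:
        return False, "refusing to handle untrusted input as root (euid 0)"
    return True, "running as uid %d (%s)" % (euid, privilege_class(euid))


def drop_privileges(uid, gid):
    """Permanently switch to (uid, gid) when started as root; True on success.

    Order matters: supplementary groups and the gid must be changed while we
    are still root, because after the uid change we lose the right to do so.
    setresuid() sets real, effective and saved uid together, so a later
    setuid(0) cannot bring root back.
    """
    if uid == 0:
        raise ValueError("target uid 0 is not a privilege drop")
    if not running_as_root():
        return ensure_unprivileged()[0]
    os.setgroups([])
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)
    try:                      # verify the drop is irreversible
        os.setuid(0)
    except PermissionError:
        return True
    return False              # still able to become root: do not continue


if __name__ == "__main__":
    # Constructed file: owned by uid 1000, group 100, mode 0o640.
    for who, groups in ((1000, {1000}), (1001, {100}), (1002, {1002}), (0, set())):
        print(who, privilege_class(who),
              "read:", may_access(who, groups, 1000, 100, 0o640, R),
              "write:", may_access(who, groups, 1000, 100, 0o640, W))
    ok, msg = ensure_unprivileged()
    print(msg)
```

A real viewer or MUA would call `drop_privileges()` (or simply refuse via `ensure_unprivileged()`) before touching the first byte of the untrusted file, not after; once the parser has run as root, any damage is already done.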