Mailinglist Archive: opensuse (911 mails)

Re: [opensuse] Logging in as root an Leap
On 12/01/2015 10:54 PM, John Andersen wrote:
[...] WHAT SPECIFICALLY is the RISK of using a GUI/DE as
root?

IMO this is the time for the security team to jump in and
explain a few principles of their daily work. I'm far from
being a member of this team, but as far as I know, they're
regularly doing in-depth code reviews on programs which are
supposed to be run as root.
The point is that those programs designed to possibly run as
root have to be bulletproof regarding races of any kind,
have to prevent injection of malicious environment variables
etc. Normal code is not designed for things like that.
I think it's not the regular functionality you should be afraid
of, but what an attacker, the environment or plain bad luck
could do to trigger some side effects in the code.

Many well-written servers still drop their root privileges
as early as they can to avoid possible damage, and then
some guys would circumvent all the security in the design
of UNIX/Linux and run *all* as root?!? I'd call this
ignorant and disrespectful.

It's like walking with a lighted candle in a building storing
gas bottles; it may work, but you never know if one of the
bottles is leaking gas (not to mention if some funny jerk has
opened the valve of one on purpose).

Therefore, I believe there's only one rule to remember:
don't do it.

Have a nice day,
Berny
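
The two habits the message mentions, scrubbing the inherited environment and giving up root as early as possible, as an added C example that is not part of the original post. The allowlist, the fixed PATH and the function names are assumptions chosen for illustration.

```c
/* Added example, constructed for illustration; not code from the thread. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Variables a privileged helper is willing to inherit (an assumption). */
static const char *const KEEP[] = { "LANG", "TERM", "TZ", NULL };

/* Build a clean environment in `out` (capacity `cap` >= 2, NULL-terminated).
 * Only exact allowlisted names are copied from `in`; PATH is never inherited,
 * a fixed one is set instead. Returns the number of entries dropped. */
int scrub_env(char *const in[], const char *out[], size_t cap)
{
    size_t n = 0;
    int dropped = 0;
    out[n++] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";
    for (size_t i = 0; in[i] != NULL; i++) {
        const char *eq = strchr(in[i], '=');
        int keep = 0;
        for (size_t k = 0; eq != NULL && KEEP[k] != NULL; k++)
            if (strlen(KEEP[k]) == (size_t)(eq - in[i]) &&
                strncmp(in[i], KEEP[k], (size_t)(eq - in[i])) == 0)
                keep = 1;
        if (keep && n + 1 < cap)
            out[n++] = in[i];       /* leave room for the terminator */
        else
            dropped++;              /* LD_PRELOAD, IFS, PATH, ... */
    }
    out[n] = NULL;
    return dropped;
}

/* Permanently give up root: supplementary groups first, then gid, then uid
 * (after setuid() the process may no longer change its groups).
 * Returns 0 on success, -1 if a step fails or root can still be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* drop must be irreversible */
    return 0;
}
```

A caller running as root would pass the `out` array as the environment to `execve()` and treat any non-zero return from `drop_privileges()` as fatal.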