On 12/01/2015 10:54 PM, John Andersen wrote:
[...] WHAT SPECIFICALLY is the RISK of using a GUI/DE as root?
IMO this is the time for the security team to jump in and explain a few principles of their daily work. I'm far from being a member of this team, but as far as I know, they're regularly doing in-depth code reviews on programs which are supposed to be run as root. The point is that those programs designed to possibly run as root have to be bullet proof regarding races of any kind, have to prevent injection of malicious environment variables etc. Normal code is not designed for things like that. I think it's not the regular functionality you should be afraid of, but what an attacker, the environment or plain bad luck could do to trigger some side effects in the code. Many well-written servers still drop their root-privileges as early as they can to avoid possible damage, and then some guys would circumvent all the security in the design of UNIX/Linux and run *all* as root?!? I'd call this ignorant and disrespectful. It's like walking with a lighted candle in a building storing gas bottles; it may work, but you never know if one of the bottles is leaking gas (not to mention if some funny jerk has opened the valve of one on purpose). Therefore, I belief there's only one rule to remember: don't do it. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org