Root vs User, WAS: Re: [CLUE-Tech] How Safe Is It, part II

Keith Hellman kehellman at yahoo.com
Wed Nov 6 15:43:45 MST 2002


On Wed, Nov 06, 2002 at 01:47:01PM -0700, Timothy C. Klein wrote:
> * Keith Hellman (kehellman at yahoo.com) wrote:
> > - Do you download and install software without performing thorough code
> >   audits? Do you always check the PGP signature of each RPM you install?
> 
> Nope, and if you can look me in the eye and seriously say that you do, I
> would be surprised.  No one does code audits on a real scale -- there is
> not enough time in the day.  Do you know how many lines of code comprise
> a typical Linux Distro install?  Unless your box is guarding National
> Defense secrets, I don't see this as anything but a red herring.
> 
> I do not run any daemons as root, nor do I run as root from day to day.
> Nor did I ever say I did.

I reread your post and you're right, you never said this.  But you gave me
an *impression* that, according to you, running as root is no more
dangerous than running as a normal user.  I don't think I'm too far off
base with that reading.

(Which is why I raised the last quoted point above - someone always
running as root should be doing PGP verifications and/or code auditing.)

Clearly you and I have different metrics:
 
> Sure, you can do stuff like this.  But there is absolutely no software
> fix for accidental file deletion.  You have to have write access to the
> files you use day to day.  On a single user machine, those are going to
> be the files you will miss most if deleted.  So the 'don't be root to prevent
> deletion accidents' school of thought simply *does not apply* to a
> machine used in this way.
> 
You worry most about YOUR files; I worry equally about my files &
blowing an evening cause I have to reinstall/restore a machine.  

> > And just out of curiosity, what pray tell do you do on a day to day,
> > hour by hour basis that requires root authority?
> 
> As I expected, the response completely missed my point.  I know security
> *very* well.  Perhaps even better than you.  Don't lecture me on
> security.
> 
Yes it did, but I could barely tell your point.  Your argument that a
user can do *just as much* accidental damage to their own files as root
can is a given.

> What I am saying is that the "never do anything" as root philosophy is
> serious overkill on a home, single user machine.  It makes good sense on
> a server machine.  But if you admin a server, you should already know that.
> All I was saying is that not every machine is a server.  I have seen it
> come up twice recently that having files owned by root is bad idea.
> 

I *think* what you're referring to is installs that get a permission or
ownership incorrect and prevent a user from configuring something that
they want to (like GUI settings, or access to hardware, ...).  But this
is an issue of installation/configuration - the solution is to FIX the
installation/configuration - not run as root all the time.

> My argument is that on a lot of Linux installations, that is simply not
> true.  It makes no big difference.  Remember, most security is not

Do you mean a standard desktop, surf the web, read email sort of
installs?  You're the security expert:  you don't surf as root, you run
Tripwire, you check all the PGP sigs on your packages; great.  But what about
the casual/new to Linux user that reads your post and decides that it is
just easier to run as root - are they going to surf as root?  Yes.  Will
they run Tripwire?  No.  Will they run crossover office so they can use
MS Office?  Yes.

> true.  It makes no big difference.  Remember, most security is not
> something that can be fixed with software -- it must rest upon policy
> and the user.  For a home machine, the best security scenario is
> probably to just use your head, and don't rely on magical software to
> solve all security problems.
> 
Agreed.  In my book, using your head is to:  do admin tasks as root, everything
else as someone else.

I'm done now :^)

-- 
Keith Hellman                             #include <disclaimer.h>
kehellman at yahoo.com               from disclaimer import standard

"Before you criticize someone, run a mile in their shoes. When you do
criticize them, you'll be a mile away and you'll have their shoes."

--Unknown


