[CLUE-Tech] RE: Root vs User

David Willson DLWillson at TheGeek.NU
Thu Nov 7 06:35:37 MST 2002


Tim,

Quick observation:
I think you and Keith are on the same philosophical page.

Quick question:
One of the recent 'user-level' distros, Lindows, I think, opted to log
the user in as root by default, to get a simpler overall experience, in
short, to avoid confusing Win9x refugees.  What are your thoughts on
that?
Here's mine:
Without separation of privilege-levels, Linux is not Linux.  Defaulting
to root leads to sloppy habits on the part of users and programmers
which are hard to break.  Reference Windows NT, the amount of damage a
normal user can do to an NT-system when logged on interactively is
tremendous.  The number of unacknowledged 'bugs' caused by a lack of
separation, in the programmer's mind, between administrators and regular
users, between system and user areas of the file system, and between
system and user-level processes, is also tremendous.  Someday, due to
the competition Linux has given, and will continue to give, Microsoft
may tighten their default setups, and get as clean a separation on this
line as Linux has, but there will still be an industry full of
shoddily-written software to correct.  That'll ~never~ fix, which will
lead to more FUD for the customer, who will cling all the more tightly
to Uncle Microsoft.

David Willson
MCT, MCSE, Network+, A+, Linux Enthusiast
http://TheGeek.NU 


-----Original Message-----
From: clue-tech-admin at clue.denver.co.us
[mailto:clue-tech-admin at clue.denver.co.us] On Behalf Of Timothy C. Klein
Sent: Wednesday, November 06, 2002 1:47 PM
To: clue-tech at clue.denver.co.us
Subject: Re: Root vs User, WAS: Re: [CLUE-Tech] How Safe Is It, part II


* Keith Hellman (kehellman at yahoo.com) wrote:
> Wow.
> 
> - Do you surf the web using Mozilla, Netscape, or Konqueror as root ?

No, of course I don't.

> * Eventually you will run some malicious script as root - have you
>   considered this?

No, I will probably not. Yes, I have considered it.

> - Do you use Wine that can successfully host Windows Viruses ?
> * Running as root, you can inadvertently host trojaned programs that
>   masquerade behind low-level port numbers - I may be wrong but I believe
>   that some Windoze viruses will do this.

No, I don't use Wine at all.

> - Do you download and install software without performing thorough code
>   audits? Do you always check the PGP signature of each RPM you install?

Nope, and if you can look me in the eye and seriously say that you do, I
would be surprised.  No one does code audits on a real scale -- there is
not enough time in the day.  Do you know how many lines of code comprise
a typical Linux Distro install?  Unless your box is guarding National
Defense secrets, I don't see this as anything but a red herring.

I do not run any daemons as root, nor do I run as root from day to day.
Nor did I ever say I did.

> * Because if you don't, and your machine is on the Internet (which it
>   sounds like), then you may eventually be responsible for hosting a
>   DDoS from a trojaned /bin/bash or /bin/ls.

I know all about this, and no, my machine won't ever do this unless I
get incredibly unlucky.

> - Are you being responsible enough to run security auditing utilities such
>   as PortSentry and Tripwire?

Why gee, yes I am.

> * Otherwise, how would you even know that one of the above has occurred?
> 
> I'd also like to point out that as a user you can protect yourself
> from deleting whole directory trees: <snip>
> Script started on Wed Nov  6 12:35:43 2002
> not_root$ mkdir T
> not_root$ touch T/foo
> not_root$ chmod 000 T
> not_root$ rm -rf T
> rm: cannot change to directory `T': Permission denied
> not_root$ ls T/
> ls: T/: Permission denied
> not_root$ chmod 777 T
> not_root$ ls T
> foo
> not_root$ chmod 000 T
> not_root$ sudo rm -rf T
> Password:
> not_root$ ls 
> not_root$ exit
> </snip>

Sure, you can do stuff like this.  But there is absolutely no software
fix for accidental file deletion.  You have to have write access to the
files you use day to day.  On a single user machine, those are going to
be the files you will miss most if deleted.  So the 'don't be root to
prevent deletion accidents' school of thought simply *does not apply* to
a machine used in this way.

> Here's a thought:  run a find/xargs command from / that changes the
> ownership of EVERYTHING except SUID programs to your login.  Then you
> don't have to run as root, and you can still have the pleasure of
> rebuilding machines when you've accidentally obliterated your /dev and
> /etc.
> 
> And just out of curiosity, what pray tell do you do on a day to day,
> hour by hour basis that requires root authority?

As I expected, the response completely missed my point.  I know security
*very* well.  Perhaps even better than you.  Don't lecture me on
security.

What I am saying is that the "never do anything" as root philosophy is
serious overkill on a home, single user machine.  It makes good sense on
a server machine.  But if you admin a server, you should already know
that. All I was saying is that not every machine is a server.  I have
seen it come up twice recently that having files owned by root is a bad
idea.

My argument is that on a lot of Linux installations, that is simply not
true.  It makes no big difference.  Remember, most security is not
something that can be fixed with software -- it must rest upon policy
and the user.  For a home machine, the best security scenario is
probably to just use your head, and don't rely on magical software to
solve all security problems.

In the example stated, and another is the way Debian sets ownership of
/var/www files to root, I see no problem on primarily single user
machines.  An su to root is not a big security problem on this machine.
Roger Frank's machine may be massively multi-user, in which case root
ownership could cause a very slight elevation in risk (by causing an
admin to have to su, and then the admin does something dumb).  I don't
know his situation, I am simply bringing up something that has bugged me
with regards to *Nix 'grey beards' and their stern admonishment about
doing anything as root.  Some things are just fine left to root -- like
owning files on a light-duty machine that you want to remain unchanged
most of the time.

One might think that an su to root could cause WWWIII or something of
the like from the stuff I have read at times.

Tim
--
==============================================
== Timothy Klein || teece at silverklein.net   ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================
_______________________________________________
CLUE-Tech mailing list
CLUE-Tech at clue.denver.co.us
http://clue.denver.co.us/mailman/listinfo/clue-tech
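The transcript Keith quotes above (mkdir T, chmod 000 T, rm -rf T fails for the unprivileged user but succeeds under sudo) is the one concrete mechanism in this thread. The script below is an added example, not code from the thread or from either poster: it reproduces that check in a scratch directory created with mktemp (a constructed location), reports whether the calling user's `rm -rf` got through, and compares the result with what the permission model predicts for the current uid. Run it once as an ordinary user and once as root to see the difference Tim and Keith are arguing about: the mode bits stop the unprivileged owner, while root's CAP_DAC_OVERRIDE walks straight past them.

```shell
#!/bin/sh
# Added example (not from the CLUE-Tech thread): reproduces the chmod-000
# directory trick in a throwaway location and reports whether the calling
# user could delete the protected contents. The mktemp path is constructed
# for this demo.

# Build a scratch tree $dir/T/foo, then strip every permission bit from T so
# an unprivileged owner can neither traverse it nor remove entries from it.
setup_locked_dir() {
  d=$(mktemp -d)
  mkdir "$d/T"
  : > "$d/T/foo"
  chmod 000 "$d/T"
  printf '%s\n' "$d"
}

# Attempt the accidental "rm -rf" as the calling user. Prints "blocked" if the
# file survived (DAC enforced against a non-root user) or "deleted" if it is
# gone (root, for whom CAP_DAC_OVERRIDE bypasses the mode bits entirely).
try_delete() {
  d=$1
  rm -rf "$d/T" 2>/dev/null || true
  # The owner may always chmod their own directory, so restore traverse
  # permission before looking inside; if root already removed T this is a no-op.
  chmod 700 "$d/T" 2>/dev/null || true
  if [ -e "$d/T/foo" ]; then
    echo blocked
  else
    echo deleted
  fi
}

# What the Unix permission model predicts for the current effective uid.
expected_outcome() {
  if [ "$(id -u)" -eq 0 ]; then
    echo deleted
  else
    echo blocked
  fi
}

# Remove the scratch tree no matter how the demo went.
cleanup() {
  chmod -R u+rwx "$1" 2>/dev/null || true
  rm -rf "$1"
}

scratch_dir=$(setup_locked_dir)
result=$(try_delete "$scratch_dir")
echo "uid $(id -u): rm -rf on a mode-000 directory -> $result (model predicts: $(expected_outcome))"
cleanup "$scratch_dir"
```

The point the demo makes for the defender is Tim's, not Keith's: the protection only covers directories you have deliberately locked, and it is exactly the day-to-day files you keep writable that an accidental `rm -rf` will take with it, whichever account you are logged in as.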