Root in FC-10
Les
hlhowell at pacbell.net
Sun Dec 7 20:14:09 UTC 2008
On Sat, 2008-12-06 at 19:34 -0500, R. G. Newbury wrote:
> Mikkel L. Ellertson wrote:
>
> >After all, we do not want to see Linux systems that are as insecure
> >as Windows systems are by default. Running as root all the tine
> >defeats most of the security of a Linux system.
>
> >Mikkel
>
> Well how *exactly* does running *as root* defeat *most* of the security
> of a linux system. Sorry but that is BS.
> Virtually any exploitable point allows an escalation by way of further
> exploit. If and only if, it is possible to ensure (to 100%) that no
> exploit can be escalated to provide root level privileges, is it
> reasonable and logical to claim that not using root, is "safer" than
> using root. It has never been explained to my satisfaction how the
> supposed 'sandbox' of being user in fact adds any extra security to the
> computer.
Becuase it is not just a "sandbox", but a permissions thing. Processes
a user can start don't have write access to the global system.
Processes started from a root account do. Someone will no doubt say
that this can be overridden, but it is more difficult than just having
an open invitation to the entire system file structure as you do when
root.
Regards,
Les H
More information about the fedora-list
mailing list