Root in FC10

R. G. Newbury newbury at mandamus.org
Sun Dec 7 00:50:29 UTC 2008


> No - GUIs run as root are not as secure. A bug that would be caught
> when running as a user may not be caught when running as root.

A "bug" or a permissions error. Please explain how a BUG could or would 
be treated differently depending on the user?

> The more code you have running as root, the greater the chance of
> running into problems. 

This is illogical and not relevant to the point which you are attempting 
to make. The vast majority of users, including myself, do not write the 
code we run. And the exploit rate in code has nothing to do with the 
amount of code you have running. Lots of code is basically impervious to 
external exploit while being run, because it does not talk to or 
interact with the external world.

If you are referring to the underlying OS, it ALWAYS runs as whatever, 
often as root. A 'root' user doesn't to my understanding run 'more' code 
than a user does...and in any event, all of that code is still there to 
be exploited whichever user is running on top of it (if that code is 
capable of being exploited at all).

> Then again, it is a lot easier to shoot
> yourself in the foot running as root using the GUI. How many times
> have we seen someone on the list that changed permissions, or
> deleted the wrong file, and needs help to get the system running again.

THIS HAS NOTHING TO DO WITH SECURITY. You are just trying to play 
'nanny'. The saying is: "To err is human". We are ALL human. Get over it 
and stop trying to tie people's hands just because you will not be there 
to hold them. AND this has nothing to do with logging in as root. Any 
user, who through ignorance or stupidity (or both) changes permissions 
or deletes the wrong file, is NOT interacting with "security" when he 
does those things. He is using the OS, which does *exactly* what he 
tells it to do, whether or not that is what he thought he wanted it to 
do. And the only PROPER response to that, after the fact, is to explain 
what he did (fix the ignorance bit: "ignorant" from "does not know") and 
hope that he remembers it (you cannot fix the stupid bit). Oh, and say, 
Don't do that again.

Sorta like your mother probably did many times when you were a child. 
But it is time to stop playing parent to everyone.

Geoff



