Root in FC10

Fred Silsbee fredsilsbee at yahoo.com
Sun Dec 7 02:49:32 UTC 2008 



--- On Sun, 12/7/08, R. G. Newbury <newbury at mandamus.org> wrote:

> From: R. G. Newbury <newbury at mandamus.org>
> Subject: Re:  Root in FC10
> To: fedora-list at redhat.com
> Date: Sunday, December 7, 2008, 12:50 AM
> > No - GUIs run as root are not as secure. A bug that
> would be caught
> > when running as a user may not be caught when running
> as root.
> 
> A "bug" or a permissions error. Please explain
> how a BUG could or would be treated differently depending on
> the user?
> 
> > The more code you have running as root, the greater
> the chance of
> > running into problems. 
> 
> This is illogical and not relevant to the point which you
> are attempting to make. The vast majority of user, including
> myself, do not write the code we run. And the exploit rate
> in code has nothing to do with the amount of code you have
> running. Lots of code is basically impervious to external
> exploit while being run, because it does not talk to or
> interact with the external world.
> 
> If you are referring to the underlying OS, it ALWAYS runs
> as whatever, often as root. A 'root' user
> doesn't to my understanding run 'more' code than
> a user does...and in any event, all of that code is still
> there to be exploited whichever user is running on top of it
> (if that code is capable of being exploited at all).
> 
> Then again, it is a lot easier to shoot
> > yourself in the foot running as root using the GUI.
> How may times
> > have we seen someone on the list that changed
> permissions, or
> > deleted the wrong file, and needs help to get the
> system running again.
> 
> THIS HAS NOTHING TO DO WITH SECURITY. You are just trying
> to play 'nanny'. The saying is: "To err is
> human". We are ALL human. Get over it and stop trying
> to tie people's hands just because you will not be there
> to hold them. AND this has nothing to do with logging in as
> root. Any user, who through ignorance or stupidity (or both)
> changes permissions or deletes the wrong file, is NOT
> interacting with "security" when he does those
> things. He is using the OS, which does *exactly* what he
> tells it to do, whether or not that is what he thought he
> wanted it to do. And the only PROPER response to that, after
> the fact, is to explain what he did (fix the ignorance bit:
> "ignorant" from "does not know") and
> hope that he remembers it (you cannot fix the stupid bit).
> Oh,  and say, Don't do that again.
> 
> Sorta like your mother probably did many times when you
> were a child. But it is time to stop playing parent to
> everyone.
> 
> Geoff
> 
> -- fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe:
> https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines:
> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

well said!

More information about the fedora-list mailing list