Root in FC-10

[steve]

Hello,

R. G. Newbury wrote:
> Mikkel L. Ellertson wrote:
> 
>  >After all, we do not want to see Linux systems that are as insecure
>  >as Windows systems are by default. Running as root all the tine
>  >defeats most of the security of a Linux system.
> 
>  >Mikkel
> 
> Well how *exactly* does running *as root* defeat *most* of the security 
> of a linux system. Sorry but that is BS.
No, it is not.

> Virtually any exploitable point allows an escalation by way of further 
> exploit.
That's correct. However, this should not imply that just because there exists a 
possibility of escalation, we should not have multiple levels of security.

Just because you have a safe, does not mean you leave your door unlocked, just 
because you have a lock on the door, does not mean you don't need a fence ...etc

> If and only if, it is possible to ensure (to 100%) that no 
> exploit can be escalated to provide root level privileges, is it 
> reasonable and logical to claim that not using root, is "safer" than 
> using root.
It is not possible to ensure 100% security. That's the nature of software ...or 
any sort of security for that matter ...think about it. However, we do tend to 
minimize damage by building multiple levels of protection.

Not running as root is "safer" than using root, when using tools that do not 
need all the privileges that the root user enjoys. For example, when a bug in 
gnome-panel running in the context of a normal user is exploited, the attacker 
would have to exploit yet another level before gaining total access to the system.

I suspect that you understand this bit, but don't somehow agree with the concept 
of "sandboxing" as a way to limit damage, in which case, would you be kind 
enough to tell me your email password ...after all i don't know anything about 
you, so what's the worst that could happen ? :)

cheers,
- steve

-- 
Linux Centric Marketplace: http://www.tuxcompatible.com