Where's Konqueror in SU

Rick Stevens ricks at nerd.com
Thu Nov 5 18:45:58 UTC 2009 

Michal Jaegermann wrote:
> On Thu, Nov 05, 2009 at 12:14:44PM -0500, Jim wrote:
>>>   
>> Would someone explain to me what is the detrimental  difference between 
>> a Gui or command line, logging in to root from the same box .
> 
> Complexity.  The more programs are involved the harder they become
> to secure.  With specialized tools that can be manageable and you
> can tell that a trade-off of a small GUI is worth it but you are
> talking about a "kitchen sink" application here.
> 
>> Most of the people that over reacted to question was they looked at 
>> Konqueror as a Web Browser, not realizing it is also a File Manager.
> 
> And also..., and also..., and ... Here is the issue.  "Big" web
> browsers are complicated beast and chances for forgotten "dark
> corners" and unwanted/unexpected interactions grow exponentially
> with size.  Root should be much more careful as effects of a
> hypothetical compromise are far reaching.

You only need to look at the guano that is Internet Explorer to prove
how incestuous and dangerous a web browser/file manager/media manager/
swiss army knife app can get.  Other GUI apps can be just as
detrimental.  A security hole in any of them can be disastrous.

These are the main reasons why the default for F10-F12 is to not permit
the root user to log in as a GUI user--specifically to keep people from
shooting themselves in the foot.  If you really need a GUI for certain
tasks you want root to do, the "bring up a command line, 'su -' in it
and run the GUI app you want from there" is a reasonable compromise.  If
you really, really want root to log in as a GUI, follow the instructions
in the Wiki.  It's not hard to do.

I've been a Linux admin for well over 15 years and I've yet to see when
I really _need_ root to have a GUI.  It's nice on occasion, but you use
it (and anything as root) at your own risk.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-   NEWS FLASH! Intelligence of mankind decreasing!  Details at...   -
-     uh, when, uh, the little hand is, uh, on the...  Aw, NUTS!     -
----------------------------------------------------------------------

More information about the fedora-test-list mailing list