Why is running programs as root so bad?

This is a discussion on Why is running programs as root so bad? within the Tech Board forums, part of the Community Boards category; Originally Posted by Kennedy I'm not so sure that I'm a firm believer in the idea that using Linux as ...

  1. #31
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,581
    Quote Originally Posted by Kennedy View Post
    I'm not so sure that I'm a firm believer in the idea that using Linux as root is "asking for trouble".
    But you have to be if you hope to ever get a job as a security consultant. No one will take you seriously otherwise.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  2. #32
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,264
    Quote Originally Posted by Mario F. View Post
    But you have to be if you hope to ever get a job as a security consultant. No one will take you seriously otherwise.
    I think if you are working on a box that is shared (or accessed) by several users, then you should only run as root when absolutely necessary. On the other hand, if this is your home machine, then do whatever your feel comfortable with.

    Personally, I have no problem using sudo.
    bit∙hub [bit-huhb] n. A source and destination for information.

  3. #33
    Registered User jeffcobb's Avatar
    Join Date
    Dec 2009
    Location
    Henderson, NV
    Posts
    875
    Geez will there be a torrent of locusts or something coming next? Mario and I finally found something to agree up ^__^

    As for Kennedy being smarted than folks on the SELinux team (and I was more referring to the original OS designers) I guess we will have to take you word on that one...
    C/C++ Environment: GNU CC/Emacs
    Make system: CMake
    Debuggers: Valgrind/GDB

  4. #34
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,581
    Btw, it's the second time you make that quote about Linus Torvalds, Kennedy. I don't think you ever understood the context. Let me explain it to you in few words so you drop it for good:

    I don't need to know what Linus Torvalds thinks of spaces vs tabs. I don't care. Neither should you or anyone else, when it is common knowledge one or another are either a personal choice or an imposition at your working place. So, for all purposes as far as answering the question of what is best, tabs or spaces, Linus is a nobody just like anyone else.

    In fact, Linus is a nobody on many other things he wrote or opinionated about before. But that's cool. So am I, you and everyone else. The issue is not the debate. But the fact some people actually think that quoting Linus Torvalds on tabs vs. spaces is going to actually give some strength to one side of the fence.

    Is it clear now?
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  5. #35
    In my head happyclown's Avatar
    Join Date
    Dec 2008
    Location
    In my head
    Posts
    391
    I don't run linux/unix, but in Windows XP, I use the administrator account only for installing software and changing system settings.

    For everything else ie. work, internet, games, I use a limited user account, which can't install any software, or change fundamental settings, other than their own basic settings like screensaver.

    I've never had a virus, trojan, malware.
    OS: Linux Mint 13(Maya) LTS 64 bit.

  6. #36
    {Jaxom,Imriel,Liam}'s Dad Kennedy's Avatar
    Join Date
    Aug 2006
    Location
    Alabama
    Posts
    1,065
    Quote Originally Posted by Mario F. View Post
    Btw, it's the second time you make that quote about Linus Torvalds, Kennedy. I don't think you ever understood the context. Let me explain it to you in few words so you drop it for good:

    I don't need to know what Linus Torvalds thinks of spaces vs tabs. I don't care. Neither should you or anyone else, when it is common knowledge one or another are either a personal choice or an imposition at your working place. So, for all purposes as far as answering the question of what is best, tabs or spaces, Linus is a nobody just like anyone else.

    In fact, Linus is a nobody on many other things he wrote or opinionated about before. But that's cool. So am I, you and everyone else. The issue is not the debate. But the fact some people actually think that quoting Linus Torvalds on tabs vs. spaces is going to actually give some strength to one side of the fence.

    Is it clear now?
    Crystal. But, I'll still poke at you about it. It seems to get you spinning in a hurry (this is the second time that you have corrected me on it -- the first you asked me if sarcasm is lost on me -- apparently so ).

  7. #37
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,581
    Ah! You got me there
    Fair enough.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  8. #38
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Kennedy View Post
    Running as root is safe if you are willing to accept the risk. If you, however, go out surfing for porn or other crap (where malicious code is known to exist)
    I don't have any problems surfing porn* either.

    As for Mario F., I really like him or I wouldn't argue so much but he does come across as a "linux hater". His assertions that the whole thing is somehow untrustworthy again fits in with those patronizing assertions that lean heavily on the <i>implication</i> that it is in reality "experimental" or a "fringe operation".

    This kind of ignores the FACT that MOST of the INTERNET is run on LINUX.

    Maybe "most of the internet" still is experimental and fringe, but I continue to give it credits for effort

    I do accept that running as root opens up some security issues. But, as with many things, I count myself in a minority here and so can also count on these facts

    1) that most users DON'T run that way and so board idiots will not spontaneously target them in their board idiotic way, they will be out trying to sink MS ships.

    2) I have like 3 usb keys I cycle thru for backups, plus CDs, and remote storage, all of that near daily with things that are important to me. Also, I have a FLOPPY DISK drive and have never written code longer than 1.44 mb source, and could care less about anything that isn't code.

    I don't run SELinux on my primary install. What's more -- I don't have ANY secondary users and sudo is NOT EVEN INSTALLED. I do have them on the more normal installs I use for testing. Come get me ...or get real
    *actually this one's not really porn, but the formation with the 3 of them about 3:20-4:15 is what I would call philosophically beautiful

    THE SYSTEM IS YOURS. YOU ARE THE ROOT.
    Last edited by MK27; 01-11-2010 at 06:53 PM.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  9. #39
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by jeffcobb View Post
    There are three primary classes of code in the Debian repository: stable, unstable and testing. If a package is in the stable branch, that means there have been no bugs or malicious code found in it in over 18 months. Old? Yes but freaking rock-solid. Unstable means no show-stoppers have been logged in something like 12 months; a package here may have seen some cosmetic changes but fundamentally the package is sound.
    Not so sure about this Jeff. I got put straight into "unstable" (and am still there). But that was after they scouted me (I didn't approach them) and a few months of back and forth with the packager, and then at least a team of three involved in the testing. And they understood C. So the chances of deliberately malicious code, even in a "unstable" package, seems very slim to me -- I cannot modify my own package in the distro directly, I have to go through the packagers, who are debian employees, and then they update the release.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  10. #40
    Registered User jeffcobb's Avatar
    Join Date
    Dec 2009
    Location
    Henderson, NV
    Posts
    875
    Quote Originally Posted by MK27 View Post
    Not so sure about this Jeff. I got put straight into "unstable" (and am still there). But that was after they scouted me (I didn't approach them) and a few months of back and forth with the packager, and then at least a team of three involved in the testing. And they understood C. So the chances of deliberately malicious code, even in a "unstable" package, seems very slim to me -- I cannot modify my own package in the distro directly, I have to go through the packagers, who are debian employees, and then they update the release.
    Hey once about 5 years ago I knew all of the maturity levels. I will look into this and get back. All I know is stable (Sarge) is safe as it gets which is what I use for forward-facing servers and have never has a doubt or a worry.

    It's dinner-time around here but like Ahnold says, I'll be back.

    Busy watching Avatar on the wide-screen... ^__^
    C/C++ Environment: GNU CC/Emacs
    Make system: CMake
    Debuggers: Valgrind/GDB

  11. #41
    Registered User jeffcobb's Avatar
    Join Date
    Dec 2009
    Location
    Henderson, NV
    Posts
    875
    Here is something shedding light on the package system for the curious: Debian - Wikipedia, the free encyclopedia

    And I had unstable and testing switched (D'oh). And now Lenny is the latest stable. So behind the times I am. In any event I do have faith in the package maturity system, it has stood by me when the whole RPM system sent system after system up in flames. But oh well, it works for us...


    Peace
    Jeff
    C/C++ Environment: GNU CC/Emacs
    Make system: CMake
    Debuggers: Valgrind/GDB

  12. #42
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,581
    This is all fine. But security concerns aren't interested on best case scenarios. Best Case Scenarios are in fact pretty much useless for about anything -- from security to deciding how one should develop their data entry UI.

    I do not deny the added benefits of Open Source software in terms of code security and stability. Most of it spawns from a single factor: Peer Review. Something that is impossible on closed source. But let us not pretend all software is created equal, that all open source projects are created equal, or that in fact the same project is immune to changes in mood or to gross mistakes that someone somewhere may pay dearly.

    If Open Source history is not exactly rich in horror stories about unchecked malicious code being injected into the development process by some contributor, this is by no means evidence it can't happen. Mostly because it's rather easy to observe that it CAN indeed happen. We all have seen rather abusive bugs (an by abusive I mean "how exactly did no one seen this before!?) on projects as respectable as Mozilla's or Apache's. The same irresponsible behavior that lead to unchecked submitted code could potentially be explored by a disgruntled contributor. And there are disgruntled contributors. Are there not?

    And on smaller scale projects, on dying projects or on projects under a bad management (yeah, because open source is a lot more than just the big players), the opportunities for malicious code to creep in are higher.

    Why we don't hear about it, then? I'm sure there are stories. I may entertain myself trying to browse the web or USENET for them. But sure they aren't common. However they aren't probably common because Open Source is still a rather small portion of the global development effort. It is also still -- and thankfully -- mostly a work of passion. It is also a known danger and actively checked and finally, there isn't really enough motivation probably. The same reason probably why Linux has so few virus.

    But most notably, my beef with many Open Source projects (and that underline I hope clears once and for all your misconception of my constant criticism) is what I perceive to be a constant increase in the weight being put in the user shoulders. More and more I observe that many projects shift the responsibility of code testing to the end user, leaving the developers the sole task of creating new bugs and fixing old ones. In that order. The notion of users as only... you know, users of a piece of software is being thwarted and many open source projects seem to want to prey on their users workforce, more than they probably should. You really cannot expand the Open Source concept if you demand this type of task from your users, because granny, joe and marlene don't make good software testers. And granny, joe and marlene are the vast majority of users.

    I go as far as to say that on many occasions submitted code is not verified at all and there is a conscious decision that the results are to be observed on bugtraq or by user bug submissions. This is more true as the project gets bigger, more mature and with a wider (read, impossible to properly manage) number of contributions. This is the only way I can explain the level of some of the most inane bugs that have been found on popular open source projects, or how certain projects can take years to fix a known bug with multiple bug reports (and here, I'm thinking of a certain bug on a simple macro in boost::filesystem).

    In this scenario, more than malign code, is good code I'm afraid of. And so should you.
    Last edited by Mario F.; 01-11-2010 at 09:34 PM.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  13. #43
    Woof, woof! zacs7's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    3,459
    It may not need root privileges, but I do. (The only problem with this one is GUI's must run as the same user as the X.)
    I doubt very much the programs you run need access to the entire machine. There are many permission schemes available, why not use them? You've pretty much just chucked the idea of "groups" and "users" out the window. As well as wasting space by storing file permissions .

    And the "trusted, I looked over the source code myself" stuff is BS. Consider a small bug in Firefox that allows code from web pages or images to be run. It's bizarre to give Linux all this praise, when you're not using a large chunk of what made it successful (Granted it wasn't specifically Linux ).
    Last edited by zacs7; 01-11-2010 at 10:42 PM.

  14. #44
    In my head happyclown's Avatar
    Join Date
    Dec 2008
    Location
    In my head
    Posts
    391
    Quote Originally Posted by jeffcobb View Post

    Busy watching Avatar on the wide-screen... ^__^
    It's still showing in the theatres, so how can you watch it on the TV?
    OS: Linux Mint 13(Maya) LTS 64 bit.

  15. #45
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,139
    You guys focus a lot on malicious code and hackers and evil doers. Are you so divine in administrating computers that you never make mistakes? If you have the least privileges you can do the least harm. Even unintentionally without anyone being evil. "Never attribute to malice that which can be adequately explained by stupidity".
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

Page 3 of 4 FirstFirst 1234 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Running Linux from a ramdisk (root)
    By cyberfish in forum Tech Board
    Replies: 2
    Last Post: 05-09-2009, 03:45 AM
  2. running programs within c++
    By pktcperlc++java in forum C++ Programming
    Replies: 7
    Last Post: 01-01-2005, 03:20 PM
  3. Running my programs
    By ComDriver in forum C Programming
    Replies: 3
    Last Post: 01-01-2005, 06:39 AM
  4. Running programs
    By Trauts in forum C++ Programming
    Replies: 6
    Last Post: 07-30-2004, 02:42 PM
  5. how to compile & run c programs in unix?
    By Unregistere in forum C Programming
    Replies: 2
    Last Post: 10-09-2002, 11:53 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21