Thread: Why is running programs as root so bad?

  1. #16
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Mario F. View Post
    So this is the final answer it seems. "Nothing bad ever happened to me, so go ahead and do it, Yeehaa!"
    In your case I recommend staying at home instead Mario. Just to be safe :P
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  2. #17
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,130
    It all comes down to this:

    Principle of least privilege - Wikipedia, the free encyclopedia

    Your application doesn't need root privileges, so it should not have root privileges.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  3. #18
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by nvoigt View Post
    It all comes down to this:
    There are two distinct principles at work. 1) You can do ANYTHING as root, including accidently destroy your system. 2) A malicious process run as root can also do anything.

    The caveat to new users is because of #1.

    WRT to #2, don't run malicious processes! Or,

    sudo -u nobody someapp

    It may not need root privileges, but I do. (The only problem with this one is GUI's must run as the same user as the X.)
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  4. #19
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    In essence, it's quite irrelevant if I know my system well enough or not. To that I would also have to add a few other variables, like where I get my software from, under which conditions I'm running my computer, even if I'm feeling particularly drowsy from so much work, or even distracted by something else.

    To grab the whole issue of security and pretend to put it in a box called "Experience" is quite extraordinary after so many years of common computer usage. It just feels like some people still don't want to learn the lesson... or pretend there is no lesson to be learned. One can play hardcore all they want, but the simple matter of fact is that running Linux as root is disregarding security and call it a bluff. All simply because one's lazy and thinks "sudo is too much work". Or because they think that impresses the chics.

    But being that the case (security in Linux being a bluff). Necessarily These guys would be full of it and Bugs in the kernel or in other code that can be the target of exploits never existed.

    Forgetting for a moment that if Yarin asked it already means he needs to use Linux as a normal user and assuming for a moment that Yarin would be a top Linux user and kernel coder with over 10 years of experience, there's also one fundamental aspect he would be forgetting when he chose to run his linux machine as root all the time:

    That security is about prevention, not resolution. Your security can fail even before any attempt against it is made or any damage is done. So, it is quite alright whatever you decide to do with your machine. But don't hide your lazyness or whatever other motivations you may have to run your system as root all the time behind a false veil of security. You are ignoring security. And that simply means your whole experience is resumed to "Nothing happened so far. I'm ok".
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  5. #20
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    I guess the author of that XMMS2 line just shares Mario's sentiments.

    Just use root.
    I second MK27. I've been using Linux since 1994 and always as root.
    I'm not paranoid, but that can't be good advice.
    I'll just stick with POLA.

    Once upon a time, I busted glibc. That will ruin everything.
    Ah, messing up glibc (assuming you know that's what you broke) is an easy fix. I can image much worse.

    Download the latest version of your favorite program which does unfortunately include a bug that corrupts your repository.
    There are plenty of programs that you can, and need to, run as root that have the ability, and are often designed specifically, to modify your system/repository. I think a fear of bugs is a bad reason not to run as root.

    But wow though, that Android bug is scary - and even more so funny.

    Thanks for the replies.

  6. #21
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    You can configure sudo to not ask for a password. Even that is more secure than running as root all the time.

  7. #22
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Quote Originally Posted by Yarin View Post
    I think a fear of bugs is a bad reason not to run as root.
    Erm... but that should be your top reason. And another important one, if you are into using that stuff, is fear of Web Applications and Public Networks or otherwise untrusted services.

    While I mentioned it, I understand some would like to debate the importance of securing against malicious code creeping out from Open Source programs. I understand they may want to debate it, but don't see how any debate could ever exist. But whatever.

    Instead do not dismiss software bugs as an issue that cannot affect you in terms of security.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  8. #23
    {Jaxom,Imriel,Liam}'s Dad Kennedy's Avatar
    Join Date
    Aug 2006
    Location
    Alabama
    Posts
    1,065
    I guess what is the most funny thing to me is that the avid hater of Linux would say not to use root.

    As in, I hate Linux so much that I KNOW FOR A FACT that using root is VERY DANGEROUS.

    You are obviously correct in your assessment of root@linxbox Mario. How much Linux experience to you have again?

    Quote Originally Posted by Mario F.
    Who is Linus Torvalds?

  9. #24
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Yarin View Post
    I guess the author of that XMMS2 line just shares Mario's sentiments.
    Yes, it is a contentious issue, and some of the people on one side like to be patronizing and imply there are fearsome monsters lurking under the bed there when there are not. You are free to do what you like (I should not really have said "just use root" ), just to let you know: it is not unusual to run normally as root, and it will not create any strange problems. If you don't want to, you don't have to...

    Ah, messing up glibc (assuming you know that's what you broke) is an easy fix. I can image much worse.
    I wasn't into programming, beyond shell scripting, at the time. I actually didn't know exactly what had gone wrong. Later it occurred to me it was because I tried to rebuild the C library in place (never mind why), and did not understand that EVERYTHING links to it. I had a rescue disk to get my data off the partition, but I had to re-install and start over a years worth of tinkering.

    The funny part -- as in funny strange, not really ha ha -- was that it occurred in Aug 2001. When I had to pick a host name for the system, I could not be bothered to come up with anything (I used to use like "red.flower.poem" and stuff) but didn't want the default "localhost" so I used the date of the re-install, 9.01.01. So for a long time after that my bootup message was ""Welcome to 9.01.01". And I still wasn't sure what had gone wrong, just that it went very wrong and couldn't be fixed. Eerie. Still gives me the shivers, actually.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  10. #25
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Quote Originally Posted by Kennedy View Post
    I guess what is the most funny thing to me is that the avid hater of Linux would say not to use root.

    As in, I hate Linux so much that I KNOW FOR A FACT that using root is VERY DANGEROUS.

    You are obviously correct in your assessment of root@linxbox Mario. How much Linux experience to you have again?
    I was expecting this type of argumentation. Not just from you, kennedy. I'm honestly surprised. So help me here. I lost touch with these things. What am I supposed to call you now? Linux lover? And where does it get to the time we start with the insults. That usually is the most exciting part.

    FYI, I don't hate Linux. Quite on the contrary. You just don't frequent these forums frequently enough to know that, it seems. And help me here too... because I'm starting to doubt your own judgment... exactly where does User Experience fits with defending or arguing against the decision to run as root all the time? I'm dying to know.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  11. #26
    Registered User jeffcobb's Avatar
    Join Date
    Dec 2009
    Location
    Henderson, NV
    Posts
    875
    Well first the makers of XMMS are trying hard to hit you with a cluebat with this:
    --yes-run-as-root Give me enough rope to shoot myself in the foot
    That said, there are three primary dangers of using root fulltime (unless you are ready to throw your box away and reburn at a moments notice):
    1. Malicious code: Back doors, etc. This was tried recently, caught fast (< 24 hours and fixed)
    2. Buggy code: This is one of the key benefits of the Debian maturity model. I can find exact dates on this for the interested but it goes like something like this:

    There are three primary classes of code in the Debian repository: stable, unstable and testing. If a package is in the stable branch, that means there have been no bugs or malicious code found in it in over 18 months. Old? Yes but freaking rock-solid. Unstable means no show-stoppers have been logged in something like 12 months; a package here may have seen some cosmetic changes but fundamentally the package is sound. Testing is just what it sound like: It hasn't eaten anyones cat recently but beyond that, not promises are given.

    With this setup you can pick your poison. For Internet-facing boxen, I stick with stable (mail and web for one thing). For home servers I do unstable to get newer releases and for dev laptops that can go south at any time...well still stick with unstable.

    The thing is this limits by a great deal how much code auditing you have to or need to do. If you run everything as root, the simple truth is you are one password away from being owned.

    Reason 3: Your own stupidity: in which case you have yourself to blame and it matters not which OS you run you are an accident waiting to happen. Some folks are not meant to run anything more complex than an iPod...it's just that simple. By the fact that this is a coders board I would put few if any in that group.

    We here at Casa Cobb do the sudo route so that all rootly-things are at least logged, run rktoolkit to watch for things that seem fishy and always use our own accounts/PW. We do not allow remote root login access so anyone trying to get it would need to know at least two passwords to get past the front-door.

    No system is perfect; in our case after running Windows for <deity> knows how long in a Fix or Repair Daily mode, moving to Linux was hard at first (wife is still learning but doing excellent) but well worth the investment in time. Is it for everyone? Absolutely Not. But it works for us and works damned well. No malware, no virii, just turn it on an go.
    C/C++ Environment: GNU CC/Emacs
    Make system: CMake
    Debuggers: Valgrind/GDB

  12. #27
    {Jaxom,Imriel,Liam}'s Dad Kennedy's Avatar
    Join Date
    Aug 2006
    Location
    Alabama
    Posts
    1,065
    Quote Originally Posted by Mario F. View Post
    I was expecting this type of argumentation. Not just from you, kennedy. I'm honestly surprised. So help me here. I lost touch with these things. What am I supposed to call you now? Linux lover?
    Yes, please do so.
    Quote Originally Posted by Mario f. View Post
    And where does it get to the time we start with the insults. That usually is the most exciting part.
    I have no tact, so, please explain how what I said was insulting.
    Quote Originally Posted by Mario F. View Post
    FYI, I don't hate Linux. Quite on the contrary. You just don't frequent these forums frequently enough to know that, it seems.
    Okay, however, you have posted 3 times in the Linux forum:
    Quote Originally Posted by Search Results
    Search: Posts Made By: Mario F. ; Forum: Linux Programming and child forums
    Thread / Thread Starter Last Post Replies Views Forum

    GRUB from windows
    underline_bruce

    07-08-2008 05:34 AM
    by Mario F. Go to last post
    2 243 Linux Programming

    gdb problem in multi-threaded app
    IfYouSaySo

    10-12-2006 08:22 PM
    by Mario F. Go to last post
    1 450 Linux Programming

    NCurses C++ tutorial/documentation
    ironfistchamp

    07-05-2006 11:59 AM
    by ironfistchamp Go to last post
    8 2,956 Linux Programming
    And in other places you have been "Not so Linux friendly". You should understand why one would think that with statements like
    Quote Originally Posted by Mario F.
    Especially on an operating system as Linux where trusted programs are open-source and easy to recompile with malign code.
    which seems to me to be a naysayer's statement against Open Source coding, specifically GNU/Linux. -- perhaps, however, I misjudged such a statement.
    Quote Originally Posted by Mario F. View Post
    And help me here too... because I'm starting to doubt your own judgment... exactly where does User Experience fits with defending or arguing against the decision to run as root all the time? I'm dying to know.
    Show me a software system (embedded, desktop, server, etc) that has existed, WITH USERS, that has had few or no problems. Probably very few. But why is this? Are you going to 100% assure me that these systems have had breakdowns _BECAUSE_ these were run as root? Are you going to tell me, again with 100% surety, that these systems/applications would have had X% greater failures if had been run as root? Is it possible to use a system as root/administrator without screwing it up? Is it possible to screw up a system running the system as an unprivileged user? In every case of the unprivileged user screwing up a machine how many of these are due to the fact that they sudo (or runas) the software that chunks the machine?

    My answers to these questions are as follows:
    breakdowns becase these were run as root: No.
    greater failures if had been run as root: No
    root without screwing it up: Yes
    running the system as an unprivileged user: YES
    sudo the software that chunks the machine: NO.

    I have numerous cases of my parents chunking their machine (and I don't give them admin rights -- which they complain about often) due to their incredible ability to really hose up the software, routinely. Even without administrator privileges they still find ways to complete crap up there machine such that I spend hours fixing their install.

    Running as root is safe if you are willing to accept the risk. If you, however, go out surfing for porn or other crap (where malicious code is known to exist) as super user, you can expect your machine to go down in flames. If you are only using your computer for specific purposes that are not so risky, you'll be fine.

    Writing code for your machine, in my opinion, is quite safe as root.
    Surfing for answers to your coding questions as root, in my opinion, is about 75% safe.
    Frequenting this web site hourly as root, in my opinion, is very safe.

    Looking for peer-to-peer programs to illegally take others programs/music/videos/pictures/etc as root -- probably not a good idea.
    Looking for those same type things legally: as before stated you'll get all sorts of nasties on your box anyway -- especially as super user.

    So, if you as a developer, ask me: Is it safe to run all my applications as root? I will believe you to be asking me from the first group of users: Yes. I would not even consider that a developer (with the full knowledge of all the evils that are out there) would expect that it would be a good idea to be in group two, thus I would not answer for that group unless specifically asked.
    Last edited by Kennedy; 01-11-2010 at 02:12 PM.

  13. #28
    Registered User jeffcobb's Avatar
    Join Date
    Dec 2009
    Location
    Henderson, NV
    Posts
    875
    Whoa...one thing to keep in mind folks is that everyone has to pick their own comfort zone. Want to run as root with all services exposed? Be my guest. People smarter than anyone else here thought the idea of root or admin priv. separation was a good thing. If you have users using sudo to muck up their boxes, the answer is blindingly simple: remove them from the sudoers file. Remember root is meant to be run by an admin or someone with their act together and has only been made available to the mere mortal when joe-sixpack wanted to give it a spin. At the end of the day, it is still a multiuser system with many layers of trust and access in place. If you don't use them you are as lost as the Windows user that just plugs his or her box straight into the cable modem (DSL, etc) with no firewall/protection. If you think that the world is NOT trying to get into your box (rootly or not) just open an ssh port and log it for a month. You will find zombies trying coordinated attacks at password guessing called the "slow hack" where the zombies will only try once every N minutes, usually not enough to trigger an alarm to the admin. They are out there, make no mistake, particularly if you own a static IP....
    C/C++ Environment: GNU CC/Emacs
    Make system: CMake
    Debuggers: Valgrind/GDB

  14. #29
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Pretty much that, yes.

    But a few notes in answer to Kennedy.

    which seems to me to be a naysayer's statement against Open Source coding, specifically GNU/Linux. -- perhaps, however, I misjudged such a statement.
    Indeed you have. You see, I don't take a stance in life in which I defend to death anything I believe in. All things (or at least all things I can think of at the moment) have their issues along with their advantages. But mostly, you - or anyone else for that matter -- can ever convince me that we found perfection in Open Source. Open Source is ran by humans and equally susceptible to their whims. It's obvious that a part of the strategy is spent checking contributed code to make sure nothing bad comes out of it. So, even open source developers are aware of the risk. Be it the potential for a bug or a new submission with suspicious code.

    Okay, however, you have posted 3 times in the Linux forum
    So? I like Windows too and you will hardly see me post on the windows forum. Try something else. I don't feel I need to ask or answer anything on that forum. All I need to learn from Linux, I learn somewhere else.

    Anyway, from later to earliest:
    - I've finally been using Linux full-time for a little over 1 year. I like it and I like it a lot.
    - I've been in and out of Linux pretty much around your time too. My first distro was SUSE back in 95 or 96, I believe. I used it until June 98. Know it well because it coincided with a job that would change my life but would also force me to concentrate on Windows.
    - I used Unix back in University pretty much everyday for 3 years.

    Contrary to you, however I never found sudo to get in my way. Go figure.

    ...

    My true experience with Linux is thus limited. Currently I'm using Arch and it's been a decision of mine to become a regular user a little over an year ago and let me tell you:

    - It's an operating system. Not my mother. As such if I have something bad to publicly say about it, I will. And I do.

    - I do enjoy it. As much as it annoys me the fact the only problem with Linux is not the operating system, but the people that use it and can't think for themselves.

    - I use apache, mysql, svn, I program in it, I install, delete and reinstall libraries, programs, and whatever. I save porn. I watch movies, I move stuff, I repartion, I have it networked on my home, I experiment a lot as part of my apprenticeship, I compile the kernel, I experiment changing the code for Gnome, etc etc etc...

    and never, not even once, not even in my dreams did I ever felt sudo was getting in my way.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  15. #30
    {Jaxom,Imriel,Liam}'s Dad Kennedy's Avatar
    Join Date
    Aug 2006
    Location
    Alabama
    Posts
    1,065
    Quote Originally Posted by Mario F. View Post
    and never, not even once, not even in my dreams did I ever felt sudo was getting in my way.
    So then we come to the point of the arguments for both sides: (to reiterate what -- it think ??Jeff?? -- said) it is a matter of choice and what you are comfortable with. Either choice you make, however, does not make you foolish or asking for trouble. If you know the risks and are okay with those risks, then it is great for you.

    In your case, if you are okay with sudo'ing everything, fine. I don't like the hassle and therefore don't. In the end, the only way to know if either of us is right or wrong is if the other's machine takes a flaming nose dive. Then, and only then, would the other be able to say "See, I told you so."

    I'm not so sure that I'm a firm believer in the idea that using Linux as root is "asking for trouble".

    @JeffCobb: I know at least one person on the SELinux team -- I _AM_ smarter than him.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Running Linux from a ramdisk (root)
    By cyberfish in forum Tech Board
    Replies: 2
    Last Post: 05-09-2009, 02:45 AM
  2. running programs within c++
    By pktcperlc++java in forum C++ Programming
    Replies: 7
    Last Post: 01-01-2005, 03:20 PM
  3. Running my programs
    By ComDriver in forum C Programming
    Replies: 3
    Last Post: 01-01-2005, 06:39 AM
  4. Running programs
    By Trauts in forum C++ Programming
    Replies: 6
    Last Post: 07-30-2004, 01:42 PM
  5. how to compile & run c programs in unix?
    By Unregistere in forum C Programming
    Replies: 2
    Last Post: 10-09-2002, 10:53 PM