It all comes down to this:
Principle of least privilege - Wikipedia, the free encyclopedia
Your application doesn't need root privileges, so it should not have root privileges.
The caveat to new users is because of #1.
WRT to #2, don't run malicious processes! Or,
sudo -u nobody someapp
It may not need root privileges, but I do. (The only problem with this one is GUIs must run as the same user as the X.)
In essence, it's quite irrelevant if I know my system well enough or not. To that I would also have to add a few other variables, like where I get my software from, under which conditions I'm running my computer, even if I'm feeling particularly drowsy from so much work, or even distracted by something else.
To grab the whole issue of security and pretend to put it in a box called "Experience" is quite extraordinary after so many years of common computer usage. It just feels like some people still don't want to learn the lesson... or pretend there is no lesson to be learned. One can play hardcore all they want, but the simple matter of fact is that running Linux as root is disregarding security and calling it a bluff. All simply because one's lazy and thinks "sudo is too much work". Or because they think that impresses the chicks.
But that being the case (security in Linux being a bluff), necessarily these guys would be full of it, and bugs in the kernel or in other code that can be the target of exploits never existed.
Forgetting for a moment that if Yarin asked it already means he needs to use Linux as a normal user and assuming for a moment that Yarin would be a top Linux user and kernel coder with over 10 years of experience, there's also one fundamental aspect he would be forgetting when he chose to run his linux machine as root all the time:
That security is about prevention, not resolution. Your security can fail even before any attempt against it is made or any damage is done. So, it is quite alright whatever you decide to do with your machine. But don't hide your laziness or whatever other motivations you may have to run your system as root all the time behind a false veil of security. You are ignoring security. And that simply means your whole experience is resumed to "Nothing happened so far. I'm ok".
I guess the author of that XMMS2 line just shares Mario's sentiments.
Just use root.
I'm not paranoid, but that can't be good advice.
Quote:
I second MK27. I've been using Linux since 1994 and always as root.
I'll just stick with POLA. :)
Ah, messing up glibc (assuming you know that's what you broke) is an easy fix. I can imagine much worse.
Quote:
Once upon a time, I busted glibc. That will ruin everything.
There are plenty of programs that you can, and need to, run as root that have the ability, and are often designed specifically, to modify your system/repository. I think a fear of bugs is a bad reason not to run as root.
Quote:
Download the latest version of your favorite program which does unfortunately include a bug that corrupts your repository.
But wow though, that Android bug is scary - and even more so funny. :D
Thanks for the replies.
You can configure sudo to not ask for a password. Even that is more secure than running as root all the time.
While I mentioned it, I understand some would like to debate the importance of securing against malicious code creeping out from Open Source programs. I understand they may want to debate it, but don't see how any debate could ever exist. But whatever.
Instead do not dismiss software bugs as an issue that cannot affect you in terms of security.
I guess what is the most funny thing to me is that the avid hater of Linux would say not to use root.
As in, I hate Linux so much that I KNOW FOR A FACT that using root is VERY DANGEROUS.
You are obviously correct in your assessment of root@linxbox Mario. How much Linux experience do you have again?
Originally Posted by Mario F.
I wasn't into programming, beyond shell scripting, at the time. I actually didn't know exactly what had gone wrong. Later it occurred to me it was because I tried to rebuild the C library in place (never mind why), and did not understand that EVERYTHING links to it. I had a rescue disk to get my data off the partition, but I had to re-install and start over a year's worth of tinkering.
Quote:
Ah, messing up glibc (assuming you know that's what you broke) is an easy fix. I can imagine much worse.
The funny part -- as in funny strange, not really ha ha -- was that it occurred in Aug 2001. When I had to pick a host name for the system, I could not be bothered to come up with anything (I used to use like "red.flower.poem" and stuff) but didn't want the default "localhost" so I used the date of the re-install, 9.01.01. So for a long time after that my bootup message was "Welcome to 9.01.01". And I still wasn't sure what had gone wrong, just that it went very wrong and couldn't be fixed. Eerie. Still gives me the shivers, actually.
FYI, I don't hate Linux. Quite on the contrary. You just don't frequent these forums frequently enough to know that, it seems. And help me here too... because I'm starting to doubt your own judgment... exactly where does User Experience fit with defending or arguing against the decision to run as root all the time? I'm dying to know.
Well first the makers of XMMS are trying hard to hit you with a cluebat with this:
Quote:
--yes-run-as-root Give me enough rope to shoot myself in the foot
That said, there are three primary dangers of using root full time (unless you are ready to throw your box away and reburn at a moment's notice):
1. Malicious code: Back doors, etc. This was tried recently, caught fast (< 24 hours and fixed)
2. Buggy code: This is one of the key benefits of the Debian maturity model. I can find exact dates on this for the interested but it goes something like this:
There are three primary classes of code in the Debian repository: stable, unstable and testing. If a package is in the stable branch, that means there have been no bugs or malicious code found in it in over 18 months. Old? Yes but freaking rock-solid. Unstable means no show-stoppers have been logged in something like 12 months; a package here may have seen some cosmetic changes but fundamentally the package is sound. Testing is just what it sounds like: It hasn't eaten anyone's cat recently but beyond that, no promises are given.
With this setup you can pick your poison. For Internet-facing boxen, I stick with stable (mail and web for one thing). For home servers I do unstable to get newer releases and for dev laptops that can go south at any time...well still stick with unstable.
The thing is this limits by a great deal how much code auditing you have to or need to do. If you run everything as root, the simple truth is you are one password away from being owned.
Reason 3: Your own stupidity: in which case you have yourself to blame and it matters not which OS you run you are an accident waiting to happen. Some folks are not meant to run anything more complex than an iPod...it's just that simple. By the fact that this is a coders board I would put few if any in that group.
We here at Casa Cobb do the sudo route so that all rootly-things are at least logged, run rktoolkit to watch for things that seem fishy and always use our own accounts/PW. We do not allow remote root login access so anyone trying to get it would need to know at least two passwords to get past the front-door.
No system is perfect; in our case after running Windows for <deity> knows how long in a Fix or Repair Daily mode, moving to Linux was hard at first (wife is still learning but doing excellent) but well worth the investment in time. Is it for everyone? Absolutely Not. But it works for us and works damned well. No malware, no virii, just turn it on and go.
And in other places you have been "Not so Linux friendly". You should understand why one would think that with statements like
Quote:
Originally Posted by Search Results
which seems to me to be a naysayer's statement against Open Source coding, specifically GNU/Linux. -- perhaps, however, I misjudged such a statement.
Quote:
Originally Posted by Mario F.
My answers to these questions are as follows:
breakdowns because these were run as root: No.
greater failures if had been run as root: No
root without screwing it up: Yes
running the system as an unprivileged user: YES
sudo the software that chunks the machine: NO.
I have numerous cases of my parents chunking their machine (and I don't give them admin rights -- which they complain about often) due to their incredible ability to really hose up the software, routinely. Even without administrator privileges they still find ways to completely crap up their machine such that I spend hours fixing their install.
Running as root is safe if you are willing to accept the risk. If you, however, go out surfing for porn or other crap (where malicious code is known to exist) as super user, you can expect your machine to go down in flames. If you are only using your computer for specific purposes that are not so risky, you'll be fine.
Writing code for your machine, in my opinion, is quite safe as root.
Surfing for answers to your coding questions as root, in my opinion, is about 75% safe.
Frequenting this web site hourly as root, in my opinion, is very safe.
Looking for peer-to-peer programs to illegally take others programs/music/videos/pictures/etc as root -- probably not a good idea.
Looking for those same type things legally: as before stated you'll get all sorts of nasties on your box anyway -- especially as super user.
So, if you as a developer, ask me: Is it safe to run all my applications as root? I will believe you to be asking me from the first group of users: Yes. I would not even consider that a developer (with the full knowledge of all the evils that are out there) would expect that it would be a good idea to be in group two, thus I would not answer for that group unless specifically asked.
Whoa...one thing to keep in mind folks is that everyone has to pick their own comfort zone. Want to run as root with all services exposed? Be my guest. People smarter than anyone else here thought the idea of root or admin priv. separation was a good thing. If you have users using sudo to muck up their boxes, the answer is blindingly simple: remove them from the sudoers file. Remember root is meant to be run by an admin or someone with their act together and has only been made available to the mere mortal when joe-sixpack wanted to give it a spin. At the end of the day, it is still a multiuser system with many layers of trust and access in place. If you don't use them you are as lost as the Windows user that just plugs his or her box straight into the cable modem (DSL, etc) with no firewall/protection. If you think that the world is NOT trying to get into your box (rootly or not) just open an ssh port and log it for a month. You will find zombies trying coordinated attacks at password guessing called the "slow hack" where the zombies will only try once every N minutes, usually not enough to trigger an alarm to the admin. They are out there, make no mistake, particularly if you own a static IP....
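A sketch of how the "slow hack" described above can be spotted in an ssh log, as an added example that is not part of the original post: it compares a per-source failure threshold with a per-account count of distinct source IPs. The log lines are constructed, and the function names, thresholds and the year (syslog timestamps carry none) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[101]: Failed password for root from 203.0.113.10 port 40001 ssh2
Mar  3 10:06:12 host sshd[102]: Failed password for root from 198.51.100.22 port 40002 ssh2
Mar  3 10:09:40 host sshd[103]: Failed password for alice from 192.0.2.50 port 40003 ssh2
Mar  3 10:12:30 host sshd[104]: Failed password for root from 203.0.113.77 port 40004 ssh2
Mar  3 10:18:05 host sshd[105]: Failed password for root from 198.51.100.90 port 40005 ssh2
Mar  3 10:24:44 host sshd[106]: Failed password for root from 192.0.2.131 port 40006 ssh2
Mar  3 10:30:02 host sshd[107]: Failed password for root from 203.0.113.10 port 40007 ssh2
"""

# Captures timestamp, target account and source address of a failed password attempt.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port", re.M)

def parse_failures(text, year=2024):
    """Return (timestamp, user, source_ip) for each failed-password line."""
    out = []
    for m in FAILED.finditer(text):
        stamp = " ".join(m.group(1).split())  # collapse the padded day-of-month
        out.append((datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
                    m.group(2), m.group(3)))
    return out

def noisy_sources(events, limit=5, window=timedelta(minutes=10)):
    """Per-source rule: IPs with at least `limit` failures inside `window`."""
    by_ip = defaultdict(list)
    for ts, _, ip in sorted(events):
        by_ip[ip].append(ts)
    return {ip for ip, t in by_ip.items()
            for i in range(len(t) - limit + 1) if t[i + limit - 1] - t[i] <= window}

def slow_distributed(events, min_sources=4, window=timedelta(hours=1)):
    """Aggregate rule: accounts tried from many distinct IPs inside `window`."""
    by_user = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_user[user].append((ts, ip))
    flagged = {}
    for user, hits in by_user.items():
        for start, _ in hits:
            ips = {ip for ts, ip in hits if start <= ts <= start + window}
            if len(ips) >= min_sources:
                flagged[user] = max(len(ips), flagged.get(user, 0))
    return flagged
```

On the sample, `noisy_sources` returns nothing because no single address fails often enough, while `slow_distributed` reports `root` tried from five addresses within the hour.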
Pretty much that, yes.
But a few notes in answer to Kennedy.
Indeed you have. You see, I don't take a stance in life in which I defend to death anything I believe in. All things (or at least all things I can think of at the moment) have their issues along with their advantages. But mostly, you - or anyone else for that matter -- can ever convince me that we found perfection in Open Source. Open Source is run by humans and equally susceptible to their whims. It's obvious that a part of the strategy is spent checking contributed code to make sure nothing bad comes out of it. So, even open source developers are aware of the risk. Be it the potential for a bug or a new submission with suspicious code.
Quote:
which seems to me to be a naysayer's statement against Open Source coding, specifically GNU/Linux. -- perhaps, however, I misjudged such a statement.
So? I like Windows too and you will hardly see me post on the windows forum. Try something else. I don't feel I need to ask or answer anything on that forum. All I need to learn from Linux, I learn somewhere else.
Quote:
Okay, however, you have posted 3 times in the Linux forum
Anyway, from later to earliest:
- I've finally been using Linux full-time for a little over 1 year. I like it and I like it a lot.
- I've been in and out of Linux pretty much around your time too. My first distro was SUSE back in 95 or 96, I believe. I used it until June 98. Know it well because it coincided with a job that would change my life but would also force me to concentrate on Windows.
- I used Unix back in University pretty much everyday for 3 years.
Contrary to you, however I never found sudo to get in my way. Go figure.
My true experience with Linux is thus limited. Currently I'm using Arch and it's been a decision of mine to become a regular user a little over a year ago and let me tell you:
- It's an operating system. Not my mother. As such if I have something bad to publicly say about it, I will. And I do.
- I do enjoy it. As much as it annoys me the fact the only problem with Linux is not the operating system, but the people that use it and can't think for themselves.
- I use apache, mysql, svn, I program in it, I install, delete and reinstall libraries, programs, and whatever. I save porn. I watch movies, I move stuff, I repartition, I have it networked on my home, I experiment a lot as part of my apprenticeship, I compile the kernel, I experiment changing the code for Gnome, etc etc etc...
and never, not even once, not even in my dreams did I ever feel sudo was getting in my way.
In your case, if you are okay with sudo'ing everything, fine. I don't like the hassle and therefore don't. In the end, the only way to know if either of us is right or wrong is if the other's machine takes a flaming nose dive. Then, and only then, would the other be able to say "See, I told you so."
I'm not so sure that I'm a firm believer in the idea that using Linux as root is "asking for trouble".
@JeffCobb: I know at least one person on the SELinux team -- I _AM_ smarter than him.