Thread: Why is running programs as root so bad?

  1. #1
    Yarin

    Why is running programs as root so bad?

    The XMMS2 help says this for one of its command line options:
    --yes-run-as-root Give me enough rope to shoot myself in the foot
    One of the first things I learned about Linux was to not run programs as root. And I've seen this all over (this one is a little more extreme, though). And until I saw this, I'd assumed that it was for security concerns.

    Why is it so bad to run programs, including trusted programs, as root?

  2. #2
    jeffcobb
    Because if you are running as root you can kill your system. That is part of the UNIX security model; if you cannot run your app as a mere mortal you have to ask yourself as to why you need to do this. If you follow the rules and just run as a user the worst you can do is screw up your home directory. Running as root (God-mode) will allow you to kill anything on your system, whether you meant to or not.....
    C/C++ Environment: GNU CC/Emacs
    Make system: CMake
    Debuggers: Valgrind/GDB

  3. #3
    Registered User
    It is for security concerns.

    Quote Originally Posted by Yarin
    trusted programs
    Trusted programs can have bugs that can wipe out your hard drive, too.

    Untrusted programs should never be run, not even as a user. At least not outside a sandbox.

  4. #4
    zacs7
    Quote Originally Posted by Yarin View Post
    Why is it so bad to run programs, including trusted programs, as root?
    Even trusted programs may contain bugs, or give access to other untrustworthy programs to run as root.

  5. #5
    Mario F.
    Especially on an operating system such as Linux where trusted programs are open-source and easy to recompile with malign code.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  6. #6
    brewbuck
    The problem with running as root is that malicious code can then spy on other users. Data destruction is an overblown fear -- the data owned by root is easily replaced (just reinstall) and the data owned by the users is also protected (you ARE backing up regularly, right?)

    The possibility of malicious code silently tracking everything you are doing is much greater than damage done to your system.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  7. #7
    jeffcobb
    Quote Originally Posted by Mario F. View Post
    Especially on an operating system such as Linux where trusted programs are open-source and easy to recompile with malign code.
    Rolls eyes.

    Yes, but common sense dictates that if you have the source for the programs you can check them yourself; with closed source you are in a 100% trust or not-trust situation. I prefer the former. At the end of the day the choice is up to each individual user.

    Do I want to check the source for everything I install as root? No, of course not. However, this becomes a fundamental question of "don't want to" versus "can't". Besides, *I* don't have to check each individual piece of software as there are a lot of eyeballs going over the source. If you stick with the Debian security/maturity model, staying with 'stable' will guarantee Mario's hallucinations to be nothing but a dream...

    Security through obscurity is not and never will be the best form of system security. I am not here to expound one OS/language over another, even if I personally think so. Lies cannot go unchallenged, regardless of how smart or ignorant the speaker is...

  8. #8
    laserlight
    This reminds me of Ken Thompson's Reflections on Trusting Trust... but wait, I cannot even trust code that I totally created myself.

    Quote Originally Posted by jeffcobb
    Yes, but common sense dictates that if you have the source for the programs you can check them yourself; with closed source you are in a 100% trust or not-trust situation. I prefer the former. At the end of the day the choice is up to each individual user.
    I think that many people are in a nearly 100% trust or not-trust situation either way. They may trust the closed source software because they paid for it, or they may trust the open source software because they reason that...
    Quote Originally Posted by jeffcobb
    Besides *I* don't have to check each individual piece of software as there are a lot of eyeballs going over the source.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  9. #9
    Registered User
    Quote Originally Posted by Mario F.
    Especially on an operating system such as Linux where trusted programs are open-source and easy to recompile with malign code.
    LOL. What the heck.

    How about you run my version of cmd.exe? I don't even need to "recompile with malign code". I can just compile malign code.

    It's all about where you got it from. Open source or not.

  10. #10
    stevesmithx
    At first I thought this root stuff can't be that bad. Then I noticed people getting kicked out of some Linux IRC channels by bots for logging in as root. :-p
    Not everything that can be counted counts, and not everything that counts can be counted
    - Albert Einstein.


    No programming language is perfect. There is not even a single best language; there are only languages well suited or perhaps poorly suited for particular purposes.
    - Herbert Mayer

  11. #11
    CornedBee
    Running any internet-facing application as root when it doesn't need the privileges (and IRC sure as hell doesn't) is just insanity. You never know what bugs lurk in there that allow a hostile remote system to make your program execute code.

    Basically, any internet-facing application is a potential remote access vulnerability.
    Any application running as root is a potential privilege escalation vulnerability.
    If those two groups stay separated, the attacker needs two exploits to gain remote root access to your machine. But if you have a program that faces the internet and runs as root, you only need one exploit.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law
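
The separation described in post #11, sketched in C as an added example that is not part of the thread: a start-up check that refuses root unless explicitly overridden (in the spirit of the XMMS2 option quoted in post #1), and a permanent privilege drop for a program that needs root only for one setup step. The `--start-as-root` flag and the uid/gid 65534 ("nobody" on many Linux systems) are assumptions made for this example.

```c
/* Added example (not from the thread): refuse root by default, and drop
 * root for good once the root-only setup step is done. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE              /* exposes setgroups() in glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define UNPRIV_ID 65534              /* assumption: "nobody" on many Linux systems */

/* Start-up policy: 1 means refuse to start (root without explicit opt-in). */
int should_refuse(uid_t euid, int override_given)
{
    return euid == 0 && !override_given;
}

/* Permanently switch to an unprivileged uid/gid. Returns 0 on success.
 * Groups and gid must change first, while the process is still root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                   /* target is still root: nothing dropped */
    if (geteuid() != 0)
        return 0;                    /* already unprivileged */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;                   /* any failed step aborts the drop */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                   /* root could be regained: treat as failure */
    return 0;
}

int main(int argc, char **argv)
{
    /* --start-as-root is a hypothetical flag for this example. */
    int override_given = argc > 1 && strcmp(argv[1], "--start-as-root") == 0;
    if (should_refuse(geteuid(), override_given)) {
        fputs("refusing to start as root\n", stderr);
        return 1;
    }
    /* A daemon would do its one root-only step here (e.g. bind a low port). */
    if (drop_privileges(UNPRIV_ID, UNPRIV_ID) != 0) {
        fputs("could not drop privileges\n", stderr);
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

After a successful drop, a bug in the network-facing code runs with the unprivileged account's rights, so reaching root takes a second, separate flaw.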

  12. #12
    Mario F.
    Quote Originally Posted by jeffcobb View Post
    Mario's hallucinations
    Laserlight pretty much answered your comments. But here are two different and equally dangerous scenarios for you:

    (assuming you like to run as root)

    - Get away from your laptop for 5 minutes and have a disgruntled workmate access it with a replacement of your favorite command line program.

    - Download the latest version of your favorite program which does unfortunately include a bug that corrupts your repository.

    I trust my mother for a great dinner, but I couldn't trust Mozilla, Debian, or even the Linux Kernel for a clean and hassle free piece of software any more than I would Microsoft. As noted before we shouldn't even trust our own code to do what we expect it to.

    The point of fact is that Linux offers a security model for a reason. One quickly learns from advice everywhere (or in the worst case, from experience) the dangers of ignoring this model. Damage, accidental or purposeful, becomes a possibility.

    The hallucination is believing:

    a) everyone checks the source code prior to install
    b) programs cannot come with damaging bugs
    c) the open source model is immune to malign code or intentions

    a) can only be a joke. b) is a simple lie as we well know.

    C) is a lot more interesting and worth a debate of its own. Believing that the open source model, even in the established projects, is immune to malign intentions is really a bad, bad move. One individual can insert malign code into the program and rely on the project's often too-complex-for-its-own-good or completely non-existent code revision methods in order to get the code into the released state. If there is one thing that oopsies like the Android Bug teach us, it is that the open source model can be a victim of bad quality control and completely insane logic as much as any other type of code. And to add to that, in many cases there's not even a clear develop-test-release cycle on many open source projects that offer nightly builds or simply dump their code to the public on a scheduled basis.
    Last edited by Mario F.; 01-11-2010 at 04:17 AM.

  13. #13
    MK27
    As a decade-long Linux user, here's my take:

    New users should probably obey the recommendation, since you can do accidentally destructive stuff. Once upon a time, I busted glibc. That will ruin everything.

    On the other hand, it's hard to see how you will learn to be responsible unless you take responsibility. Like, it would have been impossible for me to ruin glibc as a normal user, but it did not happen just because I was root.

    What's implied is that you will never be using the system as root much, or that no one does. That's a lie.

    I never use anything but root, and that's always been true. Very occasionally I will log in as a normal user in order to test something that way during development. Also occasionally to sandbox untrusted code if glancing through it makes me suspicious. Otherwise never. I cannot stand having to use sudo and enter a password to issue commands I consider normal. Other than that glibc thing years and years ago, this has never EVEN ONCE caused me ANY PROBLEMS at all. (I also don't use a reversible delete, aka trashcan, and the number of files I have accidentally erased and gone whoops! would be <1 per year.)

    So, Yarin, I think you are a reasonably smart guy who is also a programmer and can forget your "yarin" account. Just use root. All those warnings are just to let people know that they can do stupid things that way -- but it will not happen because, eg, XMMS is psychotic or something. Totally not true. Like I said, years and years, I have never seen such a problem.

    And open source stuff is BY DEFINITION much less likely to contain malicious code than closed source simply because you will get caught -- no ifs, ands, or buts -- if you put something malicious into open source code. So, in fact, "the open source model is immune to malign code or intentions" in large measure. Bugs are a different issue, but it would have to be a very weird bug to lead to anything beyond just that app failing, etc.
    Last edited by MK27; 01-11-2010 at 09:41 AM.

  14. #14
    Kennedy
    I second MK27. I've been using Linux since 1994 and always as root. I did, however, attempt to create "normal" users way back in the day, but I too was having too many problems with doing the common things -- like mount (which, back in the day, was ONLY a manual thing from the COMMAND LINE) -- so I changed all my users to be root accounts.

    I even have the MOST ILLITERATE computer user in the world running an embedded system I built back in Feb of 1994 (using Linux). To date, the only data corruptions I have _EVER_ had were 2 times -- once my mistake when I did a rm -r * from / thinking I was in another directory, but you cannot fix stupid -- the second was a kernel error in the Reiserfs module -- logging in as root or not would not have made a difference.

    Use root if you know enough about Linux -- don't if you don't.

  15. #15
    Mario F.
    *cackle*
    Too funny.

    So this is the final answer it seems. "Nothing bad ever happened to me, so go ahead and do it, Yeehaa!"
