LinuxQuestions.org
Old 01-05-2007, 07:22 AM   #16
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600

//moderator.note: I changed the thread title to "I use root". "I root" would get a different treatment at LQ.
 
Old 01-05-2007, 08:41 AM   #17
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
Quote:
Originally Posted by chort
Running everything as root is no different than how most people run Windows, as Administrator. It has the exact same security problems. The more popular Linux gets, the more exploits are written for it. Since the rapid growth of the LAMP install base, a huge number of exploits have been developed for PHP applications. If Linux on the Desktop ever catches on, you can bet there will be a ton of exploits for that as well. If you're running as root when you get exploited by a bug in Firefox or GAIM, your whole system can be affected.

Also remember, it's not only the damage to your own system, it's mostly about the damage your system causes to others. Historically most exploits were written by hobbyists for "fun" or to prove a point. Usually they didn't do that much damage, but enough to get noticed (such as delete all image files, or all Word documents, etc). Contemporary malware writers do so for profit. They go to great lengths to hide the fact that they've compromised your system as they use it for sending spam, hosting phishing sites, or running automated attack bots that exploit other sites.

There are two very dangerous assumptions being made: a) that you will notice that your box has been compromised and b) that the compromise will only affect you. Both of them are likely to be incorrect. I could throw in a third dangerous assumption as well: c) Linux is more secure than Windows "just because".
This should be sticky, so it's easy to point for all those noobs who say:

I'm running as root. So what, it's my computer.
 
Old 01-05-2007, 03:27 PM   #18
AphoxemaG
Member
 
Registered: Jan 2007
Location: Illinois
Distribution: Slackware 11
Posts: 37

Original Poster
Rep: Reputation: 15
Reminds me of Microsoft not releasing updates for 'pirates' anymore, but still obviously preferring people used their software at no profit to them rather than explore their competitors.

I really dig that stuff, about the keeping things secure for responsibility and stuff. I remember having to deal with script kiddies on IRC and stuff who'd 'smurf' me and other people in our chat rooms, who would exploit shells and desktops to hit users with 100+k ping requests in masses. I think that's the perfect example of why it's so important... so.. I don't get DDoS'd by punts. Because, the world revolves around me, and stuff.

I didn't use users before because of the mounts thing, and I didn't realize how dangerous root could be (I mean, besides the equivalent of deltree C:\Windows -y).

Now I'm learning the importance of it as a self-hierarchal thing, that bad code and normally 'innocent' commands and software could obliterate my installation, likely when I'd least expect it.
 
Old 01-05-2007, 04:17 PM   #19
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
What exactly can you not mount as user? With correct fstab settings you can allow your user to mount everything needed. Also, sudo is very flexible and can be configured to allow certain commands. I'm using XFCE desktop myself and a little plugin on my panel allows me to mount and umount removable devices just by clicking with the mouse. All my removable devices are listed in fstab of course. man mount and man fstab will give you all necessary details.
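
The fstab point in the post above, as an added example that is not part of the original thread: mount(8) documents that `user`/`users` imply `noexec,nosuid,nodev` and `owner`/`group` imply `nosuid,nodev`, unless a later option on the same line overrides them. The script below lists every user-mountable entry and which of those permissions are still in effect; the function names `sample_fstab` and `audit_fstab` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample fstab (not taken from the thread).
sample_fstab() {
cat <<'EOF'
/dev/sda1  /            ext3     defaults                1 1
/dev/cdrom /mnt/cdrom   iso9660  noauto,user,ro          0 0
/dev/sdb1  /mnt/usb     vfat     noauto,users,exec,suid  0 0
/dev/fd0   /mnt/floppy  auto     noauto,owner            0 0
# /dev/sdc1 /mnt/old    vfat     user,suid               0 0
/dev/sdd1  /mnt/cam     vfat     suid,noauto,user        0 0
EOF
}

# audit_fstab [FILE]: for every entry an ordinary user may mount, print the
# mount point and which of suid/dev/exec remain allowed. Reads stdin if no
# FILE is given. Options are applied left to right, because a later option
# overrides what user/users/owner/group switched off. Any other option,
# including "defaults", is ignored here (a simplification of this example).
audit_fstab() {
    awk '
    $1 ~ /^#/ { next }                      # skip comment lines
    NF >= 4 {
        usermnt = 0; s = 1; d = 1; x = 1    # start from suid,dev,exec allowed
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            o = opt[i]
            if (o == "user" || o == "users") { usermnt = 1; s = 0; d = 0; x = 0 }
            else if (o == "owner" || o == "group") { usermnt = 1; s = 0; d = 0 }
            else if (o == "nouser") usermnt = 0
            else if (o == "suid") s = 1
            else if (o == "nosuid") s = 0
            else if (o == "dev") d = 1
            else if (o == "nodev") d = 0
            else if (o == "exec") x = 1
            else if (o == "noexec") x = 0
        }
        if (!usermnt) next                  # root-only entry, nothing to report
        r = ""
        if (s) r = r ",suid"
        if (d) r = r ",dev"
        if (x) r = r ",exec"
        print $2, "allows=" (r == "" ? "none" : substr(r, 2))
    }' "${1:--}"
}

sample_fstab | audit_fstab
```

An entry reported with `suid` or `dev` lets an unprivileged user mount media carrying setuid binaries or device nodes, which undoes the separation from root that the thread is arguing for.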
 
Old 01-05-2007, 05:23 PM   #20
AphoxemaG
Member
 
Registered: Jan 2007
Location: Illinois
Distribution: Slackware 11
Posts: 37

Original Poster
Rep: Reputation: 15
On the previous page, I listed my fstab with the working (user accessible) mounts.
 
Old 01-05-2007, 06:17 PM   #21
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Quote:
Originally Posted by odd2k
Actually, I'm only using this virtual machine for server stuff, trying out installs, building LFS and so on.
That still doesn't mean it can't be exploited. Just having NAT networking is enough. Playing Devil's advocate and saying you have no networking whatsoever, it's still a bad habit to get into. Why "practice" by doing the wrong thing? What are you learning if you're not doing things correctly as you would (should!) in a real job?


Quote:
I rather see it this way: If an exploit is able to run commands on your system as a non-privileged user, then your system is already as compromised as it will ever be. I'm thinking of root kits and so on.
Incorrect. If they don't have root they can do a lot of nasty things, but it's very difficult to hide them even from less experienced administrators for long. Just being able to exploit an insecure web app doesn't automatically mean they're going to be able to run a rootkit as wwwadmin and get ring0. They might not have a rootkit for your particular kernel version or distro.

As Microsoft knows all too well, it's usually not the OS kernel itself that allows for remote breakins, it's the applications you run on top of it. IIS4 was one of the worst products in history for security. IIS5 was also pretty bad. There have been almost zero exploits for IIS6 or applications running in it. Why? Because Microsoft rearchitected their webserver specifically for security and turned off all the example code and all the unnecessary extensions. Even if you do exploit something running in IIS it's not going to give you admin rights necessarily.

The point is: being broken into is bad, but being broken into and the attacker getting root is disastrous. The worst part about someone getting root on your box is that they can hide that fact from you almost indefinitely if they care to try. You might as well at least try to prevent the worst possible thing from happening.
 