LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-23-2006, 10:58 AM   #1
gregorian
Member
 
Registered: Apr 2006
Posts: 509

Rep: Reputation: 34
Why is it unsafe to browse the web as root?


A lot of people online advised me to never browse the web as root.I can understand why you must not work as root for doing day to day tasks as it is really easy to mess the sytem files up.But would somebody mind explaining what harm could merely browsing the web do?

Also I wish to know why is it unsafe creating a file beginning with ' . '
in the current directory.I thought ' . ' only makes a file hidden.

Thanks a lot for your help.
 
Old 04-23-2006, 11:33 AM   #2
ataraxia
Member
 
Registered: Apr 2006
Location: Pittsburgh
Distribution: Debian Sid AMD64
Posts: 296

Rep: Reputation: 30
Quote:
Originally Posted by gregorian
A lot of people online advised me to never browse the web as root.I can understand why you must not work as root for doing day to day tasks as it is really easy to mess the sytem files up.But would somebody mind explaining what harm could merely browsing the web do?
If you go to a page that has some nasty script on it, that breaks into your browser, it can do anything you can do. So, if you browse as root, it can do anything to your machine. If you browse as non-root, it can only mess up your personal stuff, but not break the system.
Quote:
Originally Posted by gregorian
Also I wish to know why is it unsafe creating a file beginning with ' . '
in the current directory.I thought ' . ' only makes a file hidden.
It's not unsafe, as far as I know. I think somebody told you wrong
 
Old 04-23-2006, 11:42 AM   #3
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 75
While running as root, if there are any security flaws in the apps you are running, outsiders can use those to gain access to your system. Sometimes Unix security measures seem to be a bit paranoid, but its always for a reason.
 
Old 04-23-2006, 11:44 AM   #4
seandon4
LQ Newbie
 
Registered: Sep 2005
Distribution: Slackware
Posts: 24

Rep: Reputation: 16
Hello. Doing anything as root for day-to-day things is risky. One slip and you could accidentally delete or overwrite a wad of important files and not easily know how to get them back. Web browsers can execute scripts which have the potential to do things to files on your PC, though, admittedly, this is unlikely unless security is broken (if someone has found an exploit.) For example, the same risk exists in Outlook in Windows, which can execute scripts from Spam messages without you knowing it. Causing spyware, etc.

Never heard of '.' (hidden) files being unsecure.
 
Old 04-23-2006, 12:12 PM   #5
gregorian
Member
 
Registered: Apr 2006
Posts: 509

Original Poster
Rep: Reputation: 34
Here is the exact text:

How to keep from accidenatlly running a Trojan in your shell account. Damian advises "NEVER put '.' (the current working directory or cwd) in your path! If you really want "." in your path, make sure it is the last one. Then, if a Trojan like ls is in your current directory, the _real_ ls will be used first. Set your umask (umask is the command that automatically set permissions on all files you create, unless you specify otherwise) to something more secure than 022, I personally use 077. Never give group or other write access to your directory and be leery of what others can read." For your reading enjoyment, use the commands "man chmod" and "man umask" to get all the gory details.
 
Old 04-23-2006, 12:21 PM   #6
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 75
That text does not mean that there is a problem with hidden (dot) files. Its pretty self explanatory in my opinion.
 
Old 04-23-2006, 12:44 PM   #7
gregorian
Member
 
Registered: Apr 2006
Posts: 509

Original Poster
Rep: Reputation: 34
Iam a newbie user but I understood that chmod and umask part.But what do you mean by not putting ' . ' in your path and how does it affect you.

If possible kindly illustrate with an example.
 
Old 04-23-2006, 03:26 PM   #8
mcmillan
Member
 
Registered: Jul 2005
Distribution: Arch
Posts: 489

Rep: Reputation: 30
Your path is all the directories that can be used will execute files by just typing the file name instead of the whole location. For example, say I have a script in my home folder I want to execute. Without the home folder in the path you have to type ~/myscript. If it's in the path you can just type myscript. Using the period is a shortcut for what ever the current directory is. I can see that adding "." to your path could be a risk, because then some malicious code could get executed easily if it got installed. Otherwise it would have to know the location on your system. In case you want to know what your path is you can type echo $PATH. Also some other directory shortcuts that my be useful in case you don't know are ~ which I already mentioned is your home directory and .. is the directory above the current one.
 
Old 04-24-2006, 02:50 AM   #9
gregorian
Member
 
Registered: Apr 2006
Posts: 509

Original Poster
Rep: Reputation: 34
Ok Now I get it thanks for your help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
What do you use to browse the web? DeusExLinux Linux - Software 20 11-29-2004 09:33 AM
using scanner 'unsafe' as root irfanhab Slackware 2 08-04-2004 10:38 PM
cant browse the web greyfox007 Mandriva 23 04-02-2004 10:37 PM
Cant Browse the Web daniel5455 Slackware 3 04-17-2003 11:17 PM
Can't browse the web..... eForce Linux - Networking 7 07-07-2002 09:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration