[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: User Experience improvements for Anaconda



On Sun, 2010-11-28 at 13:00 -0600, Bruno Wolff III wrote:
> On Sun, Nov 28, 2010 at 10:26:59 -0500,
>   Chuck Anderson <cra wpi edu> wrote:
> > 
> > It is more risky to run more code as root than to run less.  Logging 
> > into a graphical desktop as root means /everything/ runs as root, from 
> > the window manager to the browser and everything in between.  This is 
> > much more risky than just running a command or shell as root using 
> > sudo or su.
> 
> Not as much better as you might think. If the user account gets compromised
> (as opposed to cases where you make a mistake with a command), then later
> when it swiitches to root the malware can use the root credentials to do
> other bad stuff. This may give you time to notice the problem and requires
> the malware to be more complicated. The more complicated malware only needs
> to be written and distrbiuted once.
> 
> _______________________________________________
> Anaconda-devel-list mailing list
> Anaconda-devel-list redhat com
> https://www.redhat.com/mailman/listinfo/anaconda-devel-list


I think it's not only about compromised accounts. The thing is that if
you log in as root, you run everything as root, even stuff that does not
need root privileges, and some of this software can do some bad things.
If you log in as a normal user, and run everything as normal user,
except for stuff that _really_ needs root privileges, there's a smaller
chance some malware will have root privileges too, if you don't run it
with sudo yourself. Of course there is always a chance that your system
is attacked even with a normal user, but when you're using root as
little as possible, you are lowering the chances of that.

-- 
Martin Gracik <mgracik redhat com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]