New Linux Distros Insecure by Default?
An anonymous reader submits "Two articles on Codefez and NewsForge review releases of Linspire 5.0 and Linare. Both these distributions let the user run as Root by default after installation, and don't prompt to set up a user ID. Is this a start of a new trend of 'dumbed down' Linux distributions that will damage the Linux reputation for security?"
I mean they have the chance to sell a reasonably secure OS and instead they do this. Hanging's too good for 'em.
You're not being a Devil's Advocate, you're just trolling.
Normal users can usually download, compile and use apps, and delete that which is theirs, but that doesn't mean they have access to install or delete code or configurations available to every user on the system.
Agreed. I'm a mac/freebsd user here, and I have to appreciate Apple's attitude toward user security.
Out of the box, the root account is locked out. You can't log in as root unless you type this:
sudo passwd root
Then it prompts you for your super user password, then asks you to reset root's password.
You can have sudoers on the system, but no root. Lin(are|dows|spire) could have done well to go with this model as well. Have no idea why they didn't.
Karma: Chameleon (mostly due to the fact that you come and go).
Linspire *does* have a "setup your computer" window come up. One of the buttons on it is to create a user account.
Not perfect, but not as egregious as it was in Linspire 4.5 either.
Jay | http://oldos.org
http://www.livejournal.com/users/speedingcars/
Linspire has been doing this for awhile. They're trying to make newbies as comfortable as they can, but unfortunately they're doing it by emulating even the worst ideas of that other OS.
Could someone explain what the true risks are of one primary user running his computer from the root account? I am a new Linux user (six months) and I have been running from root since I installed it and I haven't had any problems thus far. No one owns my box (at least as far as I can tell!)
What are the real hazards? I've heard everything: don't make changes from the root account, don't install .rpms
What's the purpose of the root account if you are not to use the OS from it?
Please shed some light on this.
Thanks
Linspire (formerly Lindows) made that decision a long time ago, and it has been brought up on Slashdot many-a-time...
A quick search reveals this article from 2003 in which the founder of Lindows states his case for the matter...
And this review from 2002 (linked to by /.) also noted this problem...
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
This is pretty much what the default install of Ubuntu does too. Expert install makes a separate root account though.
Every linux distro I have used since Yggdrasil has done this. Red Hat 5, Slackware ninetywhatever, Mandrake, Gentoo, Debian, Caldera OpenLinux, SuSE. . .
I've settled down in my Distro-hopping, so the examples I used in most cases were over four years old (Yggdrasil most certainly was. :-), but in my experience it's standard practise to start the user off with a root account and make the normal user account optional, possibly with a little admonishment saying that you really shouldn't use root if you can avoid it.
None of them have ever spent much time explaining how sudo works and why you should use it.
One of the best things about linux is ordinary users don't have write access to the entire computer. This means that if one day linux malware does become a problem (as Microsoft predicts), then it will only affect individual accounts and not the entire computer.
Aside from malware that probably doesn't exist yet, it's still a good idea to have a window pop up or a console to prompt you for a root password because it lets the user know the action they take may harm their computer. It also hinders mistakes like deleting necessary files from happening accidentally. Security should be the main concern of a computer connected to a network or in an area more than one person can use. This enforces that concept and can greatly protect a computer than if it was always running as root.
OK, so the user is root by default but presumably services are still running under service accounts? That, surely, has got to be of benefit.
I installed Ubuntu just the other week and was momentarily perplexed that I couldn't su to root. After some consultation on IRC, I learned that Ubuntu has no root account by default, and you can access things you'd normally do as root by sudo, and applications requiring root just ask for your password. As I understand it, this is similar to how it works in OSX. In my opinion, this is the right direction to go in for single-user machines such as home desktops. Of course, stupid users will still type their passwords in when malware prompts for them, but that's more of a user education issue than anything. I can't really think of any way off-hand to give home users the power they need to install apps while still preventing trickery like that..
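The account setups contrasted in this thread (a root-only desktop versus a locked root account with sudo and a normal user) can be told apart from the passwd and shadow files alone. The script below is an added example, not part of any poster's comment; the sample files, the `toor` account, the verdict names and the UID 1000 threshold for regular users are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify an install from passwd/shadow-format files.

# State of root's password field in a shadow-format file.
root_password_state() {
    awk -F: '$1 == "root" {
        if ($2 == "") s = "empty"
        else if ($2 ~ /^[!*]/) s = "locked"
        else s = "password-set"
        print s; found = 1; exit
    }
    END { if (!found) print "missing" }' "$1"
}

# Accounts other than root that also carry UID 0.
extra_uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Accounts a person logs in with: UID >= $2 (assumed default 1000), real shell.
regular_user_count() {
    awk -F: -v min="${2:-1000}" '
        $3 ~ /^[0-9]+$/ && $3 + 0 >= min + 0 && $3 + 0 != 65534 &&
        $7 !~ /(nologin|false)$/ { n++ }
        END { print n + 0 }' "$1"
}

# Usage: audit_accounts PASSWD_FILE SHADOW_FILE
audit_accounts() {
    state=$(root_password_state "$2")
    extra=$(extra_uid0_accounts "$1" | tr '\n' ' ')
    users=$(regular_user_count "$1")
    echo "root_password=$state"
    echo "extra_uid0=${extra% }"
    echo "regular_users=$users"
    if [ "$users" -eq 0 ] && [ "$state" != locked ]; then
        echo "verdict=root-only-desktop"   # daily use can only happen as root
    elif [ -n "$extra" ] || [ "$state" = empty ]; then
        echo "verdict=review"              # second UID 0 account or passwordless root
    else
        echo "verdict=ok"                  # a normal user exists for daily use
    fi
}

# Constructed sample files (not real hashes) written into directory $1.
make_samples() {
    cat > "$1/rootonly.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
    cat > "$1/rootonly.shadow" <<'EOF'
root:$6$CONSTRUCTED$not-a-real-hash:12900:0:99999:7:::
EOF
    cat > "$1/sudo.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat > "$1/sudo.shadow" <<'EOF'
root:!:12900:0:99999:7:::
alice:$6$CONSTRUCTED$not-a-real-hash:12900:0:99999:7:::
EOF
    cat > "$1/extra.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0::/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
for name in rootonly sudo; do
    echo "== $name"; audit_accounts "$tmp/$name.passwd" "$tmp/$name.shadow"
done
echo "== extra"; audit_accounts "$tmp/extra.passwd" "$tmp/sudo.shadow"
rm -rf "$tmp"
```

On a live system the shadow file is readable only by root, so the audit itself would be run through sudo against `/etc/passwd` and `/etc/shadow`.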
Security and usability are closely tied.
If a lock is so hard to use it never gets used it's a bad lock.
A blog I run for the wealth
I agree, mc / midnight commander isn't enough.
It's a design thing that requires a rare holistic view.
The best candidate to watch is osX but I'm not familiar with that
A blog I run for the wealth
Normal users can usually download, compile and use apps, and delete that which is theirs, but that doesn't mean they have access to install or delete code or configurations available to every user on the system.
I think you'll find that in today's world there aren't that many people just sharing a 'slice' on a multi-user timesharing system. Heck, things have gone the opposite way. I have a 4 port KVM at home, and am wanting to upgrade to 8-way.
The user model for Unix is showing its age. The way that it was 'cleaned up' in BeOS seemed pretty good, but BeOS has gone away. (BeOS had a lot of POSIX-ness, and the GNU toolchain, but not the cumbersome multi-user design)
A clueless newbie should never consider their OS to be secure; they don't have the knowledge to make a judgement on it.
Maybe a lot of the demographic this distro is targeting doesn't even know what root is.
Plus, there is a saying (from the *BSD folk i think) "without physical security there is no security"
Get a bit of perspective, you need knowledge to have security, it's not just a configuration issue.
If you want it free, go with Ubuntu. If you want it cheap, go with Windows, and download freeware apps. It seems like Linspire users are paying just to use a second-rate distro.
Anyone care to enlighten me?
The toad can't burp - and for some reason can't fart either, so it swells up and eventually explodes. --Anonymous Coward
What I'd like to see is even more user granularity. One account for browsing the web, another for reading email, another for ftp'ing. Even if you download or click on some malware, not only is your OS protected, but now your user id's files are also safe.
When it comes time to actually use the files you downloaded, there should be a malware-scanning chown that checks the file is safe before assigning it over to you, perhaps on top of a check that firefox's chroot jail is not disturbed.
Linspire 5.0 installs as root just like any Linux OS but informs you to create users after setup.
I wish that would quit popping up every time Linspire turns a corner.
Ubuntu is a good example of the right way to do things I think. Root's there but you have to look up how to do it. However Linspire seems to have more things working for it. Ubuntu can't suspend on some machines, Linspire can, Ubuntu can't see my broadcom wireless card and getting my prism54 card going was tricky but in both cases Linspire worked just fine with either card. Still I like to see where ubuntu goes in a few years. Debian definitely needs a kick in the arse and looks like ubuntu will do it.
system which I can easily reinstall, unlike the personal data which, while it should be backed up, can't be relied on to be backed up every minute and shouldn't be accessed by someone else regardless. Root makes sense on a multi-user system from a sysadmin's point of view where the integrity of the system is paramount. A single user in his home has different priorities - his personal data is paramount - and he's just as owned from one account as the other.
And this is one of the countless reasons that Linux should be moving towards a database filesystem. That way the normal user could screw up his system as much as he wants and the root user would still be able to restore it.
At home I run lots of computers and all of them have multiple accounts. Let's take my home laptop:
one account for my day to day use
one account set up for Oracle with different sets of administrators (essentially an Oracle root account)
one account set up for my wife. Looks much more Apple defaults
one account for my daughter (low privs)
a root account
a guest account
or my daughter's computer:
one account for me (administration)
the administrator account (higher privs)
one account for my wife (user account with privs but actual user data)
one account for my daughter
one guest account set aside for my daughter's friends
one guest account for other people who want a PC but are adults
These are home systems.
Damage Linux's reputation?
Come on. Too many people care too much about rumors and "reputations" instead of getting the facts. People who seriously use and understand GNU / Linux know that scares like this are stupid, and that no operating system is secure by default: in order to secure your computer, you need to understand how it works yourself... you can't simply trust a company to secure it for you.
If anything, this will damage Linspire's reputation, not GNU / Linux's reputation. People probably think that Red Hat, SUSE, and Linspire are all unrelated anyway.
I was reading this post, and I got to thinking about a comparison that Linspire had put up on one of their sites (then called linuxshootout.com; now called tryoutlinux.com). It was pretty bogus then. Anyway, I tried to go there, and got forwarded to the URL listed above. It's interesting how they claim that they are the most popular version of Linux for desktop computers. Yes, you heard me right.....Head on over to tryoutlinux.com, and check out point number 5 under the 'Why Linux' section.
1. Design linux distribution that mimics the look and feel of another profitable operating system as well as offering similarly poor security characteristics.
2. ?!?!?
3. Profit.
Only M$ knows the answer to part 2.
zosxavius photography
Considering that a lot, if not most, computers are used by one user then the whole root access thing is moot.
1.) All the important, not easily recoverable files are typically in /home/ which is obviously (intentionally) vulnerable
2.) Malware can still run automatically from things like ~/.bash_rc every time the user logs in, which is typically how a lot of malware works on windows too ...run_once/run/etc in registry.. autoexec.bat.. whatever.
Going back to my first statement, if only one user uses a machine and he/she/it gets malware the whole root thing doesn't help. All you really saved was the OS and that's easily replaced (don't mistake time for simplicity).
Does linux, freebsd and Solaris have a better security model than windows? Yes obviously (IMHO). Is it going to save you from malware? Hell no... Will it protect your valuables? Not likely.
Any asshole can whip something up to scan for r/w directories and empty the contents. Hell, it's easier to do than in windows with shell scripts. From my point of view a root account wouldn't be much more useful than the user account you want to spy on.
Those are good points - thanks. I guess I can see the advantage if you were making a limited set of commands available to select users in a multiuser environment. But I still think that exposing all root commands on a single-user box like Apple and Ubuntu is a cracker's dream. Well, OK, that'd be win98, but still. Personally, I'd like to see the user have to enter the root password, or a third 'sudo' password to have access to 5 minutes of root access, but c'est la vie.
Linspire does not run as root. It does allow one to do so -- but so does Fedora, SuSE, and Mandrake. The problem is not with this but having 30 daemons running by default when possibly 7 are needed.
Sigs are nice guns
But it's not just the maintenance of the actual distribution. Web communities like Slashdot will look down on you and only half-heartedly report on your latest achievements -- meaning that thousands of potential customers of you will get less information about you, or even negative commentary. When people want to know "Which distro should I use first?", the kind of people they will ask for advice will probably not recommend you.
Michael Robertson and similar people look down on the open source community. They think it has produced something they can turn into money, but secretly they believe that "they know better" because, if they didn't, why hasn't the open source community already achieved what they set out to achieve? Thus, the decision to make the distro root-only is justified as "user friendly", and people who clearly know what they are talking about are ignored. This leads to the alienation of the community with the aforementioned effects.
A distro maker needs to listen to his users, and be able to distinguish between suggestions from people who have lost touch with reality ("make vi the default editor") and those who have reasonable concerns. Those who do not listen to their users will fail. That is the beauty of competition in a market for a product that is largely community developed and community marketed.
Ubuntu seems like a safe bet at this point. Community developed, with a smart leader and a sufficient amount of money behind it to make it work.
Well... hell, he was a director of the company, so therefore he was entitled to get to log in as root on "the company" unix box.... it only seems logical that he should log in as root all the time.
But that was just the start...
Next thing were the permissions on the files/directories that he created. They were just wrong. We couldn't read some files he created that needed to be shared, we couldn't fix the permissions, we couldn't rename or move directories created by him. We couldn't even tell which were his creations.
I chatted to him about "root login issues", but at the end of the day, he was a director.
Finally one day he found the system was short of disk space and notices that the files in /usr/bin were also in /bin (on AIX).... so he elects himself to clean up one directory.... rm -rf /usr/bin.
And so... one CAN learn from experience.
Unix/Linux Level Description and features:
beginner - has not figured out how to get a directory listing
novice - knows that "ls" will produce a directory listing
- has had his FIRST BAD EXPERIENCE with rm!!!
user - is wondering how to move a directory
- knows how to read his mail and is wondering how to read the news
knowledgeable - has figured out that mv(1) will move directories
- once used sed to do some text substitution
expert - write C programs using vi and compiles with cc
- has figured out what "&&" and "||" are for
hacker - uses adb because he doesn't trust source debuggers
- knows how to install bug fixes
guru - uses adb on the kernel while system is loaded
- reads device driver source with his breakfast
- has learned how to breach security but no longer needs to try
wizard - writes device drivers with "cat >"
- is on first-name basis with Dennis, Bill, and Ken (and Linux -)
The full list is here: http://www.interhack.net/pubs/unix-user-hierarchy.html
Cheers
NevilleDNZ
Unix/Linux Level Description and features:
OOPS.... was meant to include Linus:
wizard - writes device drivers with "cat >"
- is on first-name basis with Dennis, Bill, and Ken (and Linus :-)
If malicious software is installed by a user, when you type ps ax or use top or whatever gui tool you use to find out why the hell your machine is so slow you will see it running. Then you say "Oh shit! Rebuild time!". If the software gets onto your machine via the root user it can replace all these tools, or even insert a kernel module to intercept syscalls. It could then slowly corrupt all your data over several months (slowly screwing up all your backups along the way), or sit there spewing out spam and DDOS attacks. In the second case the only way to tell something is wrong is that your machine seems slower.
and applications requiring root just ask for your password ...
stupid users will still type their passwords in when malware prompts for them, but that's more of a user education issue than anything.
Because telling them to have and use a separate root password, and why, isn't a user education issue?
To me this clever trick is actually a nice way to lose an opportunity to do such an education.
2 or 3 days ago, a newbie on a community forum for another user-friendly distro was complaining that he had to type his root password all the time. He said he wanted to login as root which the graphical login didn't even permit.
After one hour, he had posts explaining why it was a mistake from a security point of view, from a personal comfort point of view (too late he had already lost one important directory), explaining how to use su, sudo, kdesu, the "choose another user" features of kde, how to use fish and openssh in konqueror to become root, etc etc. In one hour, he was educated, convinced, had ways he could use to go around the trouble IF HE WANTED and therefore, he had been helped A LOT.
This clever trick should happen AFTER a user is educated, at his request, and right now it just prevents that.
I currently have Firefox, Thunderbird, Quanta Plus, Anjuta, and a terminal window open. These are the bare minimum for performing my job and I'm sure nearly every employed programmer is the same.
I doubt there's much overlap between users capable of doing this and users likely to have malware on their machines.
This is actually a very good idea, but very hard to implement with current commercial operating systems without driving the user crazy (log in, log out).
The basic problem is that processes run with the full privilege of the logged in user. This violates the principle of least privilege. Why should your web browser be able to format your hard disk? Overwrite your tax documents? Why should your word processor be able to instantiate a network connection? It's not just access to files, it's access to services. The Java sandbox model goes some way to providing this kind of security.
There is some interesting work on distributed capability systems (based around cryptographically protected access tokens attached to the processes, rather than access control lists on objects with user permissions).
Check out http://www.erights.org/ for some very interesting information on these types of system. It's also the home of the E language - a secure language for building distributed capability based systems.
I think people have not spent a considerable amount of time and effort on explaining and educating users about how to use sudo for their necessities and not just su or even worse - login as root, totally discarding the normal user account, to solve their problems. I spent the first 4 months of my linux life (after I switched from Windows one fine day) without realising that there was something called sudo and running as root all the time in order to avoid all problems. This I think is partly due to the fact that when using a distro, the very existence of something called sudo is hidden. They should make a GUI component or something, through which a normal user can login as root and configure the sudo options that he needs once and for all. A GUI interface like this can make configuring and using sudo more attractive to desktop users and they'll probably not jump to root to satisfy their needs next time! I still remember that day when I was configuring the /etc/sudoers in vim. A normal user wouldn't want to do this in vim!
Not quite.
It only takes one linux distribution to be unsafe for certain marketing whores to start up the FUD machine and start cashing in on that piece of information. It may be dishonest but that's the way marketing works. While the people in the know will laugh at the idea, the ignorant masses will read that linux, as a whole, is very insecure and move away from it.
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
...that unless and until the difference between root and other levels of access are clearly explained as well as sudo, this will keep on being old news.
Look at the false security of WinXP Home. "Oh, I'm not worried, I can't log in as Administrator unless I go to Safe Mode." So what? The average user's account is Administrator group by default and it's always root access. No end to the misery you can get into. Trojans can get total system access without their coders trying very hard at it. There's a reason they're called script kiddies.
I've said for years that ease of use is the number one make or break thing for the Linux world and it is, but there's no need to sacrifice all the wonderful better things just to make it happen. That's just distro builder laziness. As with the Debian bunch, I'm willing to wait a little for stability and security.
So all you distributors hard at work out there, when you're doing your conceptualizing, try conceiving of a step-by-step welcome on boot explaining this very important thing called security. A little bit of education would go a long way. Hint: try asking some of the people who do CGI out there to make an animated penguin presentation for you if you need help getting the average user's attention.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
People who migrate to Linux under the assumption that it is more secure and easy to administer might as well stick to using Wincrap. The fact is that a good proportion of these lazy sys admin noobs that do this are those same people that don't install anti-virus, firewalls, updates, patches, et cetera. What makes you think these people are going to enable the security feature in Linux if they didn't do so in Windows? The fact is that no matter what OS you are running, if you don't take care of it then you are inviting trouble.
Yes, I do believe that Linux is a great OS and more full than Windows, and certainly a much better value. Most distros come with antivirus apps, firewalls, and can be easily updated. In addition they come with many great apps out of the box (try getting MS Office and Photoshop bundled for free with Windows). In addition setup is speedy and easy and most linux distros have proven to be more stable and faster than windows on my Hewlett-Crappard Pavilion 762n.
But the fact remains, that these companies that make Linspire/-aire should do a better job with making sys admin easier for the average Joe user. If these distros claim to be "as easy as Windows" then they should live up to that and keep in mind that most computer users don't care about what is going on under the hood until something goes wrong. Spreading false notions of easier to fortify doesn't help either, because the average user more than likely will think this means "default."
So to say that the blame rests solely on the user is as ridiculous as stating the opposite and blaming the developers. Yes, most computer users should learn to become better admins and not expect everything to be done for them, but on the other hand companies need to quit advertising their products as out-of-the-box miracle solutions.
Well, my point was that people who understand what Unix can do aren't bothered by this crap, and will simply continue to use it correctly. Let those idiots continue to use an idiotic operating system. It's their own fault for not getting the facts.
You are trying to ignore a whole lot of people who don't understand what Unix can do, whether they are regular people or even people who make suggestions about the adoption/migration of software inside a company.
Besides that point, before someone understands what Unix is/can do, that person doesn't understand what Unix is or what it can do. What is the largest group: those who are knowledgeable about Unix or those who are ignorant?
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
I doubt there's much overlap between users capable of doing this and users likely to have malware on their machines.
The graphical easy-to-use task manager uses ps to show you the processes list.
this post contain no useful information, no need to mod it down
Even the most insecure Linux distro is more secure than Windows can be.
Have separate user accounts for doing "dangerous" things like browsing the Internet, or running untrusted or buggy software.
When something goes wrong, the damage is minimized.