New Linux Distros Insecure by Default?

An anonymous reader submits Two articles on Codefez and NewsForge review releases of Linspire 5.0 and Linare. Both these distributions let the user run as Root by default after installation, and don't prompt to set up a user ID. Is this a start of a new trend of 'dumbed down' Linux distributions that will damage the Linux reputation for security?"

No

[Bastian]

Every linux distro I have used since Yggdrasil has done this. Red Hat 5, Slackware ninetywhatever, Mandrake, Gentoo, Debian, Caldera OpenLinux, SuSE. . .

I've settled down in my Distro-hopping, so the examples I used in most cases were over four years old (Yggdrasil most certainly was. :-), but in my experience it's standard practise to start the user off with a root account and make the normal user account optional, possibly with a little admonishment saying that you really shouldn't use root if you can avoid it.

None of them have ever spent much time explaining how sudo works and why you should use it.

Ubuntu got it right...

[kisielk]

I installed Ubuntu just the other week and was momentarily perplexed that I couldn't su to root. After some consultation on IRC, I learned that Ubuntu has no root account by default, and you can access things you'd normally do as root by sudo, and applications requiring root just ask for your password. As I understand it, this is similar to how it works in OSX. In my opinion, this is the right direction to go in for single-user machines such as home desktops. Of course, stupid users will still type their passwords in when malware prompts for them, but that's more of a user education issue than anything. I can't really think of any way off-hand to give home users the power they need to install apps while still preventing trickery like that..

Re:What are the true risks?

[bonkeroo+buzzeye]

If you had been following best practice and surfing the web as a normal user, a dirty hacker could still run code, but they could not wipe out your system without first gaining root.

A system which I can easily reinstall, unlike the personal data which, while it should be backed up, can't be relied on to be backed up every minute and shouldn't be accessed by someone else regardless. Root makes sense on a multi-user system from a sysadmin's point of view where the integrity of the system is paramount. A single user in his home has different priorities - his personal data is paramount - and he's just as owned from one account as the other.

And as far as mistakes, I've run DOS and Windows for years without borking the system (I rarely have need to be doing dangerous things on those systems) and I've run Linux for years without borking the system though I've come closer because Linux constantly forces me into the sensitive guts. But I can just as easily screw up in the minute I'm root as I could in the hours I'm not. A mistake takes a split-second. And having 2 accounts and having to have a 'whoami' command actually *introduces* confusion. I've got two very different prompts now with a bright red YOU ARE ROOT but, in my early days, I issued countless commands thinking I was me when I'd left an xterm up as root or forgotten which virtual console I was on.

And it tends to produce a "let's try this - I'm a regular user and nothing can go *really* wrong" attitude. In other words, you can catch yourself becoming *sloppier* as a regular user, which is actually bound to *carry over* as root.

Lastly, 'root' has horrible granularity.

But I still run my Linux system as Joe User. Just saying.

Re: What are the true risks?

[Alwin+Henseler]

"If you had been following best practice and surfing the web as a normal user, a dirty hacker could still run code, but they could not wipe out your system without first gaining root.

Also, it's easily to accidentally trash the system configuration if you are operating as root when not necessary."

Yep, doing things as non-root user protects your system from getting screwed up, so that your system will keep working as expected, while your data (in your home directory) may get thrashed, deleted, or leaked/snooped on.

Here's my problem with this: while this helps, the fact is, my data happens to be the most valuable stuff on my computer. I can fix/reinstall an OS, but I probably can't retrieve data that got deleted. If a hacker gets user level access, then my system may keep working o.k., but my user data is still up for grabs.

So for starters: a good backup strategy is your friend. Next: reliable working software, so that exploits aren't there in the 1st place, user-level or otherwise.

I still have to see a security model that's:

• Easy to understand, even for Grandma's
• Protects user's data (and with 'protect' I also mean prevention from leaking read-only data using spyware-like methods), AND
• Still keeps it easy for users to access/modify same data.

If you know of a good model that meets ALL above points simultaneously, please let us know. And frankly, the Unix permissions model doesn't cut it. It's hard to understand for Grandma, and even with proper permissions set, all sorts of data that should be considered private to processes/users, is leaked in a variety of ways. And a flaw in your browser may destroy any non-browser related data inside your home directory.

The Unix-style users/permissions model may be useful, but it's nowhere near optimal by any metric. IMHO it's more like a clumsy fix, that tries to minimize the effect of unreliable software. After all, if software on your system would NOT contain any exploitable bugs, and 'just work' as documented, how much use would there be left for Unix-style security? At least on single-user systems (normal user = also admin): little.

Not quite.

[Omni+Magnus]

Even the most insecure Linux distro is more secure than Windows can be.