New Linux Distros Insecure by Default?

An anonymous reader submits Two articles on Codefez and NewsForge review releases of Linspire 5.0 and Linare. Both these distributions let the user run as Root by default after installation, and don't prompt to set up a user ID. Is this a start of a new trend of 'dumbed down' Linux distributions that will damage the Linux reputation for security?"

Morons

[Usquebaugh]

I mean they have the chance to sell a reasonably secure OS and insted they do this. Hanging's to good for em.

Re:Morons

[i_should_be_working]

if you don't like it don't buy it.

Insecure computers affect us all. We have the right to be upset.

Re:Morons

If forcing users to pick an admin password is good enough for the single mouse button crowd it should be good enough for the walmart crowd.

Re:Morons

[Jeremiah+Cornelius]

And it isn't NEWS!

Linspire has been doing this - and making excuses for the practice - ever since Hector was a pup.

That's about four years, or somethin'.

Mod summary: wrong

[oldosadmin]

Linspire *does* have a "setup your computer" window come up. One of the buttons on it is to create a user account.

Not perfect, but not as egregious as it was in Linspire 4.5 either.

linspire

[Pinefresh]

Linspire has been doing this for awhile. They're trying to make newbies as comfortable as they can, but unfortunately they're doing it by emulating even the worst ideas of that other OS.

Somewhat old news

[stoborrobots]

Linspire (formerly Lindows) made that decision a long time ago, and it has been brought up on Slashdot many-a-time...

A quick search reveals this article from 2003 in which the founder of Lindows states his case for the matter...

And this review from 2002 (linked to by /.) also noted this problem...

No

[Bastian]

Every linux distro I have used since Yggdrasil has done this. Red Hat 5, Slackware ninetywhatever, Mandrake, Gentoo, Debian, Caldera OpenLinux, SuSE. . .

I've settled down in my Distro-hopping, so the examples I used in most cases were over four years old (Yggdrasil most certainly was. :-), but in my experience it's standard practise to start the user off with a root account and make the normal user account optional, possibly with a little admonishment saying that you really shouldn't use root if you can avoid it.

None of them have ever spent much time explaining how sudo works and why you should use it.

Re:No

[Proud+like+a+god]

Mandrake sets up the root account, but the default MdkKDM gui login doesnt allow root login, only the other accounts you set up at install.

Re:No

[aonaran]

That is what I liked most about Ubuntu.

It ships with the root account DISABLED!
It threw me off at first, but the documentation clearly explains how to use sudo and why they decided it is better to set up the first user as a sudoer rather than set up an active root account and a dumbed down user account for day to day stuff.

Re:No

[drsmithy]

Can someone point me to a good description of how to set up sudo and the advantages to doing so?

There's enormous amounts of material on the 'net for setting up sudo (which, be warned, is a very non-trivial task if you want to do it properly), so I won't try and replicate any of that.

The biggest advantages are:

1. An audit trail (every sudo command is logged).

2. The ability to restrict what a user can 'sudo' to individual commands (even individual parameters, I suspect, although I've never tried).

I guess I can see the advantage in a multiuser system where some users should have access to some root commands others shouldn't, but in a single user system, where the user is also the administrator, I see sudo as a security liability.

I wouldn't say it was a security liability. A security irrelevance, perhaps - at least with todays default configurations.

Yes!

[Stevyn]

One of the best things about linux is ordinary users don't have write access to the entire computer. This means that if one day linux malware does become a problem (as Microsoft predicts), then it will only affect individual accounts and not the entire computer.

Aside from malware that probably doesn't exist yet, it's still a good idea to have a window pop up or a console to prompt you for a root password because it lets the user know the action they take may harm their computer. It also hinders mistakes like deleting necessary files from happening accidentally. Security should be the main concern of a computer connected to a network or in an area more than one person can use. This enforces that concept and can greatly protect a computer than if it was always running as root.

Re:What are the true risks?

[mysidia]

The root account is for administering the system, installing and upgrading globally software installed globally on the system (for shared use), changing settings that effect users, managing, etc: root owns the system files.

Because root has access to bypass all security measures, it should not be used, except where necessary.

Suppose you surf the web as root: if you visit a malicious web site that exploits a bug in your browser, now your system is at their mercy.

If you had been following best practice and surfing the web as a normal user, a dirty hacker could still run code, but they could not wipe out your system without first gaining root.

Also, it's easily to accidentally trash the system configuration if you are operating as root when not necessary.

When running as root, there is a certain danger, and care needed with every command, particularly on production systems.

Ubuntu got it right...

[kisielk]

I installed Ubuntu just the other week and was momentarily perplexed that I couldn't su to root. After some consultation on IRC, I learned that Ubuntu has no root account by default, and you can access things you'd normally do as root by sudo, and applications requiring root just ask for your password. As I understand it, this is similar to how it works in OSX. In my opinion, this is the right direction to go in for single-user machines such as home desktops. Of course, stupid users will still type their passwords in when malware prompts for them, but that's more of a user education issue than anything. I can't really think of any way off-hand to give home users the power they need to install apps while still preventing trickery like that..

Re:Ubuntu got it right...

[adric]

After some consultation on IRC, I learned that Ubuntu has no root account by default

Not quite. Ubuntu doesn't set a root password by default, which leaves the account locked (to interactive logins), but it's still very much present. The traditional behaviour can be restored simply by running the passwd command via sudo.

Re:What are the true risks?

[bonkeroo+buzzeye]

If you had been following best practice and surfing the web as a normal user, a dirty hacker could still run code, but they could not wipe out your system without first gaining root.

A system which I can easily reinstall, unlike the personal data which, while it should be backed up, can't be relied on to be backed up every minute and shouldn't be accessed by someone else regardless. Root makes sense on a multi-user system from a sysadmin's point of view where the integrity of the system is paramount. A single user in his home has different priorities - his personal data is paramount - and he's just as owned from one account as the other.

And as far as mistakes, I've run DOS and Windows for years without borking the system (I rarely have need to be doing dangerous things on those systems) and I've run Linux for years without borking the system though I've come closer because Linux constantly forces me into the sensitive guts. But I can just as easily screw up in the minute I'm root as I could in the hours I'm not. A mistake takes a split-second. And having 2 accounts and having to have a 'whoami' command actually *introduces* confusion. I've got two very different prompts now with a bright red YOU ARE ROOT but, in my early days, I issued countless commands thinking I was me when I'd left an xterm up as root or forgotten which virtual console I was on.

And it tends to produce a "let's try this - I'm a regular user and nothing can go *really* wrong" attitude. In other words, you can catch yourself becoming *sloppier* as a regular user, which is actually bound to *carry over* as root.

Lastly, 'root' has horrible granularity.

But I still run my Linux system as Joe User. Just saying.

Re: What are the true risks?

[Alwin+Henseler]

"If you had been following best practice and surfing the web as a normal user, a dirty hacker could still run code, but they could not wipe out your system without first gaining root.

Also, it's easily to accidentally trash the system configuration if you are operating as root when not necessary."

Yep, doing things as non-root user protects your system from getting screwed up, so that your system will keep working as expected, while your data (in your home directory) may get thrashed, deleted, or leaked/snooped on.

Here's my problem with this: while this helps, the fact is, my data happens to be the most valuable stuff on my computer. I can fix/reinstall an OS, but I probably can't retrieve data that got deleted. If a hacker gets user level access, then my system may keep working o.k., but my user data is still up for grabs.

So for starters: a good backup strategy is your friend. Next: reliable working software, so that exploits aren't there in the 1st place, user-level or otherwise.

I still have to see a security model that's:

• Easy to understand, even for Grandma's
• Protects user's data (and with 'protect' I also mean prevention from leaking read-only data using spyware-like methods), AND
• Still keeps it easy for users to access/modify same data.

If you know of a good model that meets ALL above points simultaneously, please let us know. And frankly, the Unix permissions model doesn't cut it. It's hard to understand for Grandma, and even with proper permissions set, all sorts of data that should be considered private to processes/users, is leaked in a variety of ways. And a flaw in your browser may destroy any non-browser related data inside your home directory.

The Unix-style users/permissions model may be useful, but it's nowhere near optimal by any metric. IMHO it's more like a clumsy fix, that tries to minimize the effect of unreliable software. After all, if software on your system would NOT contain any exploitable bugs, and 'just work' as documented, how much use would there be left for Unix-style security? At least on single-user systems (normal user = also admin): little.

stop thinking like an expert

[bug1]

A clueless newbie should never consider there OS to be secure, they dont have the knowledge to make a judgement on it.

Maybe a lot of the demographic this distro is targeting doesnt even know what root is.

Plus, there is a saying (from the *BSD folk i think) "without physical security there is no security"

Get a bit of perspective, you need knowldege to have security, its not just a configuration issue.

Is it just me..

[rookworm]

or is Linspire a really bad deal? I don't see any advantage over other desktop linux distos (Ubuntu, Fedora, etc.), or for that matter OSX or even Windows.

If you want it free, go with Ubuntu, If you want it cheap, go with Windows, and download freeware apps. It seems like Linspire users are paying just to use a second- rate distro.

Anyone care to enlighten me?

Re:Is it just me..

[happymedium]

or even Windows.

Well, it does have the advantage of not being Windows. ^_^

the other direction

[fred+fleenblat]

What I'd like to see is even more user granularity. One account for browsing the web, another for reading email, another for ftp'ing. Even if you download or click on some malware, not only is your OS protected, but now your user id's files are also safe.

When it comes time to actually use the files you downloaded, there should be a malware-scanning chown that checks the file is safe before assigning it over to you, perhaps on top of a check that firefox's chroot jail is not disturbed.

Re:Yes!... NO!

[pr0c]

Considering that a lot, if not most, computers are used by one user then the whole root access thing is moot.

1.) All the important, not easily recoverable files are typically in /home/ which is obviously (intentionally) vulnerable 2.) Malware can still run automatically from things like ~/.bash_rc everytime the user logs in which is typically how a lot of malware works on windows too ...run_once/run/etc in registry.. autoexec.bat.. whatever. Going back to my first statement, if only one user uses a machine and he/she/it gets malware the whole root thing doesn't help. All you really saved was the OS and thats easily replaced (don't mistake time for simplicity). Does linux, freebsd and soloaris have a better security model than windows? Yes obviously (IMHO). Is it going to save you from malware? Hell no... Will it protect your valuables? Not likely. Any asshole can whip something up to scan for r/w directories and empty the contents. Hell its easier to do than in windows with shell scripts. From my point of view a root account wouldn't be much more useful than the user account you want to spy on.

Director/SW Architect logs in a root.... until...

[nevillednz]

Well... hell he was a director of the company, so therefore he was entitled get to log in a root on "the company" unix box.... it only seems logical that he should log in a root all the time.

But that was just the start...
Next thing were the permissions on the files/directories that he created. They were just wrong. We couldn't read some files he created that needed to be shared, we couldn't fix the permissions, we couldn't rename or move directories created by him. We couldn't even tell which were his creations.
I chatted to him about "root login issues", but at the end of the day, he was a director.
Finally one day he found the system was short of diskspace and notices that the files in /usr/bin were also in /bin (on AIX).... so he elects himself to clean up one directory.... rm -rf /usr/bin.
And so... one CAN learn from experience.

Unix/Linux Level Description and features:
beginner - has not figured out how to get a directory listing
novice - knows that "ls" will produce a directory listing
- has had his FIRST BAD EXPERIENCE with rm!!!
user - is wondering how to move a directory
- knows how to read his mail and is wondering how to read the news
knowlegable - has figured out that mv(1) will move directories
- once used sed to do some text substitution
expert - write C programs using vi and compiles with cc
- has figured out what "&&" and "||" are for
hacker - uses adb because he doesn`t trust source debuggers
- knows how to install bug fixes
guru - uses adb on the kernel while system is loaded
- reads device driver source with his breakfast - has learned how to breach security but no longer needs to try
wizard - writes device drivers with "cat >" - is on first-name basis with Dennis, Bill, and Ken (and Linux -)
The full list is here: http://www.interhack.net/pubs/unix-user-hierarchy. html
Cheers
NevilleDNZ

Re:Yes!... NO!

[minus9]

If malicious software is installed by a user, when you type ps ax or use top or whatever gui tool you use to find out why the hell your machine is so slow you will see it running. Then you say "Oh shit! Rebuild time!". If the software gets onto your machine via the root user it can replace all these tools, or even insert a kernel module to intercept syscalls. It could then slowly corrupt all your data over several months (slowly screwing up all your backups along the way), or sit there spewing out spam and DDOS attacks. In the second case the only way to tell something is wrong is that your machine seems slower.

Not quite.

[Omni+Magnus]

Even the most insecure Linux distro is more secure than Windows can be.