Slashdot Mirror


Michael Robertson Says Root is Safe

Kez writes "HEXUS.net caught up with Michael Robertson, CEO of Linspire, at the UK launch of Linspire 5. Their interview with Mr. Robertson covers everything from hardware support to software patents, but a comment from Mr. Robertson on using root is perhaps the most interesting: "I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say 'oh, yeah, it is!', but it really isn't." I would imagine a few Slashdotters would dispute that."

8 of 1,174 comments

  1. I have to say I love the OSX solution by arete · · Score: 5, Informative

    I have to say I love the OSX solution. For those of you that aren't familiar:

    The method:
    By default you don't use root (although it does exist)

    By default a user may or may not be an "admin" user. An admin user may perform root-like operations by authenticating again, but they give their own same password to the OS to do things.

    It still knows you're you, you're just super-you. So default files are created with you as owner, for instance. This is safer because it reduces slightly the number of escalations necessary.

    The effects:
    The actual user password being compromised is not the reason you need a separate root account, so they removed your need for two passwords.

    Bad apps still need separate priv escalation to do any harm, even if you're running as admin.

    BUT you don't have to log out of your GUI session to have one app - or even ONE PART of one app - run with escalated privileges, if you authorize it to.

    This means you have NO REASON to ever run unnecessary apps as an admin. No downloading just that one file as root because you're in the middle of doing a rooty thing and forgot one.

    The similar linux hack:
    I know you can set up similar things with sudo and a little tweaking. But this is how every OSX box ships, and it ought to be how every GUI consumer linux box ships too.

    --
    Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
    1. Re:I have to say I love the OSX solution by Relyt · · Score: 4, Informative

      Well, Ubuntu Linux is set up with sudo all set up right off the bat, which is probably the way things will be set up in the future. The user can use his or her own password to get root privileges.

      I think that anyone who is considering buying a PC for Lindows would be much better served buying a Mac or Mac Mini and using OS X instead. They'll spend the same amount of money and have an OS that is better-designed and is backed by a corporation and a CEO who actually know what they are talking about.

  2. Re:Okay now... by Phleg · · Score: 5, Informative

    rm -Rf / as nonroot will make you give a sigh of relief. As root will be your nightmare.

    I dare you to try this. Dare.

    Note: you may wish to back your home directory up first. Preferably somewhere not under /, or using with someone else's permissions.

    --
    No comment.
  3. Re:Okay now... by maraist · · Score: 4, Informative

    > I should be able to specify that a particular UID can listen on ifname:80

    Have you looked into selinux? I don't know if it allows port 80 access from an initially non root user, but it allows you to run a locked-down root process. Problem is that it's apparently very complicated so only supports a scant few products out of the box. But web serving is one of them.

    --
    -Michael
  4. Re:Excellent commentary... by NanoGator · · Score: 5, Informative

    "How could open source applications support ActiveX?"

    Ask these guys.

    BTW, you REALLY don't understand what ActiveX is. Heh. Non-MS products can open ActiveX plugins.

    --
    "Derp de derp."
  5. Re:Okay now... by MrZaius · · Score: 4, Informative

    >urr doesn't that make the directory non browseable?

    Yes. That's a good thing, for the reasons described in the parent post. It bears repeating that he did NOT say to set /home/* non-executable, but only the /home/ directory itself. This allows users access to subdirectories of /home/, but only the ones they know about independently.

    An "ls -l --recursive /home/" will fail to find any world-readable directories, because it won't be able to get a listing of /home/

    An "ls -l /home/bob/public_stuffs" will work just fine, however, with the permissions set properly.

  6. That should be non-READABLE by achurch · · Score: 4, Informative

    as per this comment below (just bringing it up to make it more obvious). chmod a-x /home keeps you from doing anything in /home or any subdirectory, but will let you list /home; chmod a-r /home keeps you from listing /home but will let you do stuff in /home/bob.
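The read-versus-search distinction discussed in comments 5 and 6, as an added example that is not part of the original thread. It builds a constructed stand-in for /home under a temporary directory (the `probe` function and the `note.txt` file are hypothetical names) and must be run as a non-root user, since root bypasses these directory permission checks.

```shell
#!/bin/sh
# probe MODE: apply MODE to a constructed stand-in for /home, then report
# whether the directory can be listed and whether a known path under it
# can still be reached. Prints "list=<ok|denied> enter=<ok|denied>".
probe() {
    mode=$1
    base=$(mktemp -d) || return 1
    mkdir -p "$base/home/bob/public_stuffs"
    echo hello > "$base/home/bob/public_stuffs/note.txt"   # constructed sample file
    chmod "$mode" "$base/home"

    # Listing the names in a directory needs read (r) on that directory.
    if ls "$base/home" 2>/dev/null | grep -q bob; then
        list=ok
    else
        list=denied
    fi

    # Resolving a path through a directory needs search (x) on it,
    # even when the caller already knows the full path.
    if cat "$base/home/bob/public_stuffs/note.txt" >/dev/null 2>&1; then
        enter=ok
    else
        enter=denied
    fi

    chmod 755 "$base/home"   # restore access so cleanup can traverse the tree
    rm -rf "$base"
    echo "list=$list enter=$enter"
}

# As a non-root user: a-r hides the listing but keeps known paths reachable;
# a-x leaves the names visible but blocks everything beneath the directory.
echo "chmod a-r: $(probe a-r)"
echo "chmod a-x: $(probe a-x)"
```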

  7. Re:Excellent commentary... by masklinn · · Score: 4, Informative

    > I think there are enough people out there who have to use ActiveX that support will eventually be added as a special module or something.

    Too bad you don't think like the Mozilla.org foundation does.

    It's been stated repeatedly that Mozilla.org products will never implement ActiveX out of the box... ever...

    There are extensions, if there weren't you could develop them, it's up to you to implement ActiveX in moz/fox and degrade your security, but THAT won't come from the foundation.

    Try again.
    --
    "The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler