Michael Robertson Says Root is Safe
Kez writes "HEXUS.net caught up with Michael Robertson, CEO of Linspire, at the UK launch of Linspire 5. Their interview with Mr. Robertson covers everything from hardware support to software patents, but a comment from Mr. Robertson on using root is perhaps the most interesting: "I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say 'oh, yeah, it is!', but it really isn't." I would imagine a few Slashdotters would dispute that."
- Any exploitable program you run as another user will still need a local escilation exploit in order to do anything harmful. Running something like apache as root, and any vulnerability in programs such as phpMyAdmin will make your whole server go poof.
- rm -Rf / as nonroot will make you give a sigh of relief. As root will be your nightmare.
- ActiveX and a lot of spyware is contained in windows when running as non-administrator. It's running as admin (like most people do), that cause the majority of problems with things.
This kind of talk is pandering to the lowest common denominator of user. Honestly, I feel users SHOULD learn a little bit about privileges before being handed the machine, and clicking on that file attachment.I know Slashdot attempts to soundbite things just like any other modern news media, so I'll quote:
Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
MySQL, for instance, runs as a separate user. If I so desired, I could limit the login / password for my MySQL account to only allow row INSERTs and SELECTs, but no DELETEs or DROPs. If someone were to break into my account, they could see my data, but at least they couldn't delete from the table. As root, they could stop and start the actual service, and wipe out the whole directory for that matter.
I generally see what he's saying about data being king. But if your data is that important, you'll have other safeguards for protecting it, typically via (dun dun dun), user management! For instance, keep your accounting files under a different user, home directory chmodded to 700. Stuff like that.
Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit.
Cars happen to have seat belts. Roads also have speed limits, so this analogy is flawed.
The best way for Linux to break into the market isn't to emulate windows entirely. The best way is to take the best of what windows has to offer, and augment it with the best of what Linux has to offer. After all, look at Firefox. Firefox didn't choose to adopt ActiveX, or adopt Microsoft's proprietary style transitions, or render CSS in the same broken way, right? Neither should Linux, or in this case, Linspire.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Not running as root works like this. Your data is no more inherently safe than it is when you /are/ running as root, but nobody ELSE'S data will fall prey to your screwup, nor will the central integrity of the system. (For granny, this means that grandson Billy can ssh in, recover this morning's backups from the write-once partition, and she can keep going, having lost minimal data.)
Running as root is like pointing a loaded gun at everyone just in case they're a criminal.
Not running as root is like fastening your seat belt. Sure, you're not intending to get in an accident...
Running as root is like driving down the highway with your hood open and your oil cap off.
Not running as root is like locking your door when you leave.
Running as root is like posting to slashdot without reading TFA. :)
This flies in the face of science.
Why is it more secure not to run as root?
500,000 Windows zombies should be the only answer you need.
include $sig;
1;
How could open source applications support ActiveX? The WHOLE point of ActiveX was to add a proprietary MS extension to the web to keep companies like yours locked in.
Religion is a gateway psychosis. -- Dave Foley
Okay, I will make it easy for you. Why does Firefox and OpenOffice not use ActiveX? Heres why:
s ho ld=0&commentsort=0&tid=109&mode=thread&cid=1207754 3
(1) It does not work cross-platform. Both Firefox and OpenOffice work on platforms other than Windows. Both platforms keep this compatibility by not introducin technology that could possibly limit this capability.
(2) It is proprietary. You may be confused on what this means. Basically, the technology is owned by Microsoft. This very same reason is why PNG exists despite the existance of GIFs. GIF technology was proprietary and, thus, could not be placed into a product that had a open source license (Linux).
(3) Firefox has no need for ActiveX since it has, in my opinion, a better technology with XPCOM. OpenOffice, if I remember, can be extended with Java plugins. Java has built-in security unlike ActiveX. Both XPCOM and Java are cross-platform which goes back to my point #1.
(4) Active X is not very secure. You will hear this time and time again. Microsoft even knows this and turned them off by default in SP2!
Make all the excuses you want, at the end of the day what matters is if the product does what it needs to or not.
As stated in point #3 above both Firefox and OpenOffice support technologies that give them quite a bit of power to get any job done.
I have a pretty good memory and I remember correcting you on these issues before:
http://slashdot.org/comments.pl?sid=144131&thre
Before you go spouting about some guy who would have no job if it werent for ActiveX or some other non-sense drivel, answer this:
What does ActiveX do that XPCOM and Java are incapable of performing?
If you are not able to answer that question, you have no base to stand on.