Slashdot Mirror


Michael Robertson Says Root is Safe

Kez writes "HEXUS.net caught up with Michael Robertson, CEO of Linspire, at the UK launch of Linspire 5. Their interview with Mr. Robertson covers everything from hardware support to software patents, but a comment from Mr. Robertson on using root is perhaps the most interesting: "I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say 'oh, yeah, it is!', but it really isn't." I would imagine a few Slashdotters would dispute that."

19 of 1,174 comments

  1. Okay now... by DarkHelmet · · Score: 5, Insightful
    Let's see
    • Any exploitable program you run as another user will still need a local escalation exploit in order to do anything harmful. Run something like Apache as root, and any vulnerability in programs such as phpMyAdmin will make your whole server go poof.
    • rm -Rf / as nonroot will make you give a sigh of relief. As root will be your nightmare.
    • ActiveX and a lot of spyware is contained in Windows when running as non-administrator. It's running as admin (like most people do) that causes the majority of problems with things.
    This kind of talk is pandering to the lowest common denominator of user. Honestly, I feel users SHOULD learn a little bit about privileges before being handed the machine, and clicking on that file attachment.

    I know Slashdot attempts to soundbite things just like any other modern news media, so I'll quote:

    Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.

    MySQL, for instance, runs as a separate user. If I so desired, I could limit the login / password for my MySQL account to only allow row INSERTs and SELECTs, but no DELETEs or DROPs. If someone were to break into my account, they could see my data, but at least they couldn't delete from the table. As root, they could stop and start the actual service, and wipe out the whole directory for that matter.

    I generally see what he's saying about data being king. But if your data is that important, you'll have other safeguards for protecting it, typically via (dun dun dun), user management! For instance, keep your accounting files under a different user, home directory chmodded to 700. Stuff like that.

    Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit.

    Cars happen to have seat belts. Roads also have speed limits, so this analogy is flawed.

    The best way for Linux to break into the market isn't to emulate windows entirely. The best way is to take the best of what windows has to offer, and augment it with the best of what Linux has to offer. After all, look at Firefox. Firefox didn't choose to adopt ActiveX, or adopt Microsoft's proprietary style transitions, or render CSS in the same broken way, right? Neither should Linux, or in this case, Linspire.

    --
    /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
    1. Re:Okay now... by malfunct · · Score: 5, Insightful

      Even if user data is the most important thing, if you run as root on a multi user box you put every users data at risk instead of only your own.

      The other thing, and this isn't easy to do in many OSes, that would be nice is granular escalation of privilege. As you point out in your SQL example, if you need someone to do inserts you shouldn't have to allow them to delete.

      --

      "You can now flame me, I am full of love,"

    2. Re:Okay now... by Phleg · · Score: 5, Informative

      rm -Rf / as nonroot will make you give a sigh of relief. As root will be your nightmare.

      I dare you to try this. Dare.

      Note: you may wish to back your home directory up first. Preferably somewhere not under /, or using someone else's permissions.

      --
      No comment.
    3. Re:Okay now... by Gary+Destruction · · Score: 5, Insightful

      I totally agree with you about privilege levels. I was all about running as a non-privileged user. That was until realism and idealism clashed. Some programs literally won't work right without, for example, administrator rights on Windows. In the corporate environment, at least the Windows corporate environment, there are too many programs that need administrator privileges. Without Administrator rights, Citrix Client will open, try to initiate a session, fail and then close without error.

      While this is a Windows problem, it can result in a misconception that could end up being applied to other platforms. If people are used to using administrator privileges because of programs requiring them, they might think that they'll have to do the same on Linux and other systems. Avoiding Microsoft's mistakes is one thing. Undoing its influence is another.

    4. Re:Okay now... by Mr.+Slippery · · Score: 5, Insightful
      The "users should have to learn" mentality is what keeps computers complicated and difficult to use.
      Computers are complicated and difficult to use properly, and until we all admit that, the picture for safety and security remains bleak.

      Automobiles are much less complicated, but we don't try to hide that complexity; we assume that people must be trained in their proper use. Why not computers?

      --
      Tom Swiss | the infamous tms | my blog
      You cannot wash away blood with blood
    5. Re:Okay now... by ScuzzMonkey · · Score: 5, Funny

      When's the last time your elevator blue-screened and sent you and the other occupants hurtling screaming to the bottom of the shaft?

      --
      No relation to Happy Monkey
    6. Re:Okay now... by anagama · · Score: 5, Funny

      • I don't think I've ever actually known anyone to do the classic accidental rm -Rf / as root.

      I did.

      I had two hard drives with RH on them, one slightly newer. I didn't want to upgrade my main system and risk it going all screwy, so I just took out the HD, put in a blank one, and installed the new system. Then I put my old HD in a USB enclosure, copied over everything I needed, and then decided I'd erase the old drive. I had it in /mnt/usbhd, and of course, the directory structure looked practically identical to my new system from there on down. I mucked about making sure I had copied over everything I wanted, figured I was all set, and then, with the intent of going to / of the USB drive, I typed "cd /" and then "rm -rf *". I walked away for a while ....

      So I get back -- anyway, you can imagine the sick sort of dizzy feeling that mistake can generate as one slowly begins to comprehend the magnitude of one's error. It only takes a second, one stray thought - "do I want a coke or a coffee" - while typing and out comes a "cd /" instead of a "cd /mnt/usbhd".
      --
      What changed under Obama? Nothing Good
    7. Re:Okay now... by Anonymous Coward · · Score: 5, Interesting

      That's why you set the /home directory to non-executable. No program, including rm, will walk into it unless you are root. Note that this doesn't affect the ability of non-root users to access any correctly permissioned sub-directory of /home.
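
      The mechanism behind the two suggestions above (a home directory with restricted permissions, and a /home that non-root users cannot descend into) can be tried safely in a throwaway directory. The script below is an added example, not code from the thread or from Linspire; it builds a fake home tree under mktemp with a made-up user "alice" and file "ledger.txt", strips the execute (search) bit from the parent, and then attempts the same "rm -rf" a stray command would. Run as an ordinary user the removal is refused; run as root the bit is ignored and the file disappears, which is exactly the safety net that logging in as root gives up.

```shell
# Added example, not part of the original thread. Shows that a directory
# without the execute (search) bit cannot be descended into by a non-root
# user, so a stray "rm -rf" run as that user stops at the boundary, while
# root (CAP_DAC_OVERRIDE) ignores the bit entirely.
# Everything happens under a fresh mktemp directory; the real /home is untouched.
# The user name "alice" and the file name are constructed for the demo.

demo_search_bit() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/home/alice"
    printf 'precious\n' > "$tmp/home/alice/ledger.txt"

    # Readable but not searchable: dr--r--r--. Listing works, traversal does not.
    chmod 444 "$tmp/home"

    # What an accidental "rm -rf" would attempt from this user's vantage point.
    # Failure is the expected outcome for a non-root user, so do not abort on it.
    rm -rf "$tmp/home/alice" 2>/dev/null || true

    # Restore the search bit before checking, otherwise stat() itself fails with
    # EACCES and the file would look deleted even though it is still there.
    chmod 755 "$tmp/home"

    if [ -f "$tmp/home/alice/ledger.txt" ]; then
        result=blocked        # non-root: rm could not even lstat() the target
    elif [ "$(id -u)" -eq 0 ]; then
        result=root-bypass    # root never needed the search bit
    else
        result=deleted        # would indicate a broken assumption on this system
    fi

    rm -rf "$tmp"
    printf '%s\n' "$result"
}

# Stand-alone run prints the outcome for the current user.
demo_search_bit
```

      Note the chmod 755 before the existence test: without the search bit even stat() on the path fails with EACCES, so a naive check would report the file as gone. The same traversal rule is why DarkHelmet's "home directory chmodded to 700" keeps other non-root users out of an accounting user's files, and why it does nothing against root.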

  2. Full article link and observations on root by ZiZ · · Score: 5, Insightful
    An easier-to-read 'formatted-for-print' version is here. (Not here, as I tried after decoding the base64-encoded GET, but that's beside the point.)

    Not running as root works like this. Your data is no more inherently safe than it is when you /are/ running as root, but nobody ELSE'S data will fall prey to your screwup, nor will the central integrity of the system. (For granny, this means that grandson Billy can ssh in, recover this morning's backups from the write-once partition, and she can keep going, having lost minimal data.)

    Running as root is like pointing a loaded gun at everyone just in case they're a criminal.

    Not running as root is like fastening your seat belt. Sure, you're not intending to get in an accident...

    Running as root is like driving down the highway with your hood open and your oil cap off.

    Not running as root is like locking your door when you leave.

    Running as root is like posting to slashdot without reading TFA. :)

    --
    This flies in the face of science.
    1. Re:Full article link and observations on root by nxtr · · Score: 5, Funny

      Running as root is like posting to slashdot without reading TFA. :)

      Exactly; you get what you want done faster, like get the much coveted +5 Funny.

  3. He can run as root by Anonymous Coward · · Score: 5, Funny

    But I want to know his IP address.

  4. god or mere mortal by towaz · · Score: 5, Funny

    Let's do "rm -rf /" and compare the results.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - Voltaire
  5. Define "Secure" by Stibidor · · Score: 5, Interesting

    In the article, Michael defines security as the (in)ability to access personal data. In that respect, he's probably right. But I think he oversimplifies the real question of allowing the users to run under the one account that could really screw up their machine.

    He argues that just because we could possibly drive our cars into brick walls doesn't mean we should all be limited to driving at 10 mph. I don't believe the likelihood of even the least skilled driver actually ramming into a brick wall is quite as much as my grandma's likelihood of completely screwing up her computer were she granted root access. I've seen her mess up her Windows machine pretty nicely.

  6. 500,000 windows zombies by Linux_ho · · Score: 5, Insightful

    Why is it more secure not to run as root?

    500,000 Windows zombies should be the only answer you need.

    --
    include $sig;
    1;
  7. I have to say I love the OSX solution by arete · · Score: 5, Informative

    I have to say I love the OSX solution. For those of you that aren't familiar:

    The method:
    By default you don't use root (although it does exist)

    By default a user may or may not be an "admin" user. An admin user may perform root-like operations by authenticating again, but they give their own same password to the OS to do things.

    It still knows you're you, you're just super-you. So default files are created with you as owner, for instance. This is safer because it reduces slightly the number of escalations necessary.

    The effects:
    The actual user password being compromised is not the reason you need a separate root account, so they removed your need for two passwords.

    Bad apps still need separate priv escalation to do any harm, even if you're running as admin.

      BUT you don't have to logout of your GUI session to have one app - or even ONE PART of one app - run with escalated privileges, if you authorize it to.

    This means you have NO REASON to ever run unnecessary apps as an admin. No downloading just that one file as root because you're in the middle of doing a rooty thing and forgot one.

    The similar linux hack:
    I know you can setup similar things with sudo and a little tweaking. But this is how every OSX box ships, and it ought to be how every GUI consumer linux box ships too.

    --
    Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
  8. With unsecurity like that ... by houghi · · Score: 5, Funny

    ... he should rename his Linspire to something like Lindows.

    --
    Don't fight for your country, if your country does not fight for you.
  9. Re:Excellent commentary... by Monkelectric · · Score: 5, Insightful

    How could open source applications support ActiveX? The WHOLE point of ActiveX was to add a proprietary MS extension to the web to keep companies like yours locked in.

    --

    Religion is a gateway psychosis. -- Dave Foley

  10. Re:Excellent commentary... by NanoGator · · Score: 5, Informative

    "How could open source applications support ActiveX?"

    Ask these guys.

    BTW, you REALLY don't understand what ActiveX is. Heh. Non-MS products can open ActiveX plugins.

    --
    "Derp de derp."
  11. Re:Excellent commentary... by sbrown123 · · Score: 5, Insightful

    Okay, I will make it easy for you. Why does Firefox and OpenOffice not use ActiveX? Heres why:

    (1) It does not work cross-platform. Both Firefox and OpenOffice work on platforms other than Windows. Both platforms keep this compatibility by not introducing technology that could possibly limit this capability.

    (2) It is proprietary. You may be confused on what this means. Basically, the technology is owned by Microsoft. This very same reason is why PNG exists despite the existence of GIFs. GIF technology was proprietary and, thus, could not be placed into a product that had an open source license (Linux).

    (3) Firefox has no need for ActiveX since it has, in my opinion, a better technology with XPCOM. OpenOffice, if I remember, can be extended with Java plugins. Java has built-in security unlike ActiveX. Both XPCOM and Java are cross-platform which goes back to my point #1.

    (4) ActiveX is not very secure. You will hear this time and time again. Microsoft even knows this and turned them off by default in SP2!

    Make all the excuses you want, at the end of the day what matters is if the product does what it needs to or not.

    As stated in point #3 above both Firefox and OpenOffice support technologies that give them quite a bit of power to get any job done.

    I have a pretty good memory and I remember correcting you on these issues before:

    http://slashdot.org/comments.pl?sid=144131&threshold=0&commentsort=0&tid=109&mode=thread&cid=12077543

    Before you go spouting about some guy who would have no job if it weren't for ActiveX or some other nonsense drivel, answer this:

    What does ActiveX do that XPCOM and Java are incapable of performing?

    If you are not able to answer that question, you have no base to stand on.