Re: [PATCH] Single user linux

Ian Stirling (root@mauve.demon.co.uk)
Thu, 26 Apr 2001 18:22:01 +0100 (BST)


>
>
> On Thursday, April 26, 2001, at 07:03 AM, <imel96@trustix.co.id> wrote:
> > he owns the computer, he may do anything he wants.
<snip>
> Any OS worth its weight in silicon will make a distinction between
> blessed and unblessed users. It can be phrased in different ways --
> root vs. non-root, admin vs. non-admin. But no one should EVER log in
> to a machine as root. Period. (1)

Also, there is another reason.
If you'r logged in as root, then any exploitable bug in large programs,
be it netscape, realplayer, wine, vmware, ... means that the
cracker owns your machine.
If they are not, then the cracker has to go through another significant
hoop, in order to get access to the machine.
For optimal security, you can do things like running netscape and other
apps under unpriveledged users, where they only have access to their own
files.

(Note, netscape/.. are just used as examples, I'm not saying they are
more buggy than others, just large, and hard to get bug-free)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/