Re: Now We Are Rollin'
On Sun, 30 Nov 2003 13:37:23 -0700, Monique Y. Herman wrote:
> On Sun, 30 Nov 2003 at 20:00 GMT, Paul Morgan penned:
>> On Sun, 30 Nov 2003 11:37:56 -0700, Monique Y. Herman wrote:
>>> On Sun, 30 Nov 2003 at 12:04 GMT, Paul Morgan penned:
>>>> You have a fair chance of gaining some unexpected experience points
>>>> by logging into X as root, unless you are unplugging all external
>>>> network devices first. Not allowing root access to X is pretty much
>>>> at the top of my "never, ever do this under any circumstances" list.
>>>> There are several ways in which you can get hurt, none of which I
>>>> wish to advertise in an open forum.
>>> Security through obscurity? C'mon, now!
>>> Inquiring minds want to know!
>> Very funny, kiddo :)
> I was genuinely curious ... but hey, whatever. I rarely even run X, let
> alone as root!
>> I don't want to get anyone's system fscked up, they're all pretty
>> much documented in security howtos, etc.
>> Anyway, if one *doesn't* allow root login access to X, one can't
>> accidentally do dumb stuff like execute IRC clients, etc.
> IIRC, either xchat or bitchx ... probably bitchx ... won't even let you
> run as root.
>> I am an expert on doing dumb stuff, but even I have limits :)
> I have yet to fully explore my limits, I'm sure =P
I guess I'd sum it up like this:
- you have to assume that anyone out in internetland that knows you're
running a browser or an IRC client, etc., as root is going to try to hurt
you, and, under some circumstances, they can.
- it is easy even for sysadmins with years of experience to
screw up a system while logged in as root, and logging into X as root
multiplies the risk.
- life's hard enough, why take completely unnecessary risks for the sake
of typing su and a password?
- however, my dumbest stunt came from an su to root:
rm -fr /bin /usr
rm -fr bin usr
...that one's tough to beat on the scale of dumbness. Or on the scale of
"negative system impact", as they say. Thank the Lord it was just my own
"The average lifespan of a Web page today is 100 days. This is no way to
run a culture."
Internet Archive Board Chairman