
Re: root login



Jeff Waugh wrote:
<quote who="Michael Toomim">

I don't buy it.  Most desktop computers (dos, win95/98, early macs) don't
even have a "root" concept, and all users have root-equivalent power --
yet I've *never* met a person who deleted their system files because they
had root access.  (I've been admin for a lot of systems.) This just isn't
a problem that comes up in practice.


Any minor bug or security issue is magnified a thousand times when the
software is running as root. Viruses and worms will actually be able to do
horrible things (such as work, breed, do reasonable damage, etc) if they are
running as root.

If a hacker gets access to your account, and then you su to root, he'll sniff your password and get root access. Being a user who periodically logs in as root is just as insecure as being a user who logs in as root.

Except that in this case, it's actually LESS secure. Say a hacker gets into my user account. If I were to log in as root from GDM, the hacker would still be trapped in my user account. But if I *can't* log in as root from GDM, I'll be forced to su to root instead from my user account, and the hacker will get my password (and consequently root access).

I got a call from a client this morning: "Can I lock down all of the folders
on our [Windows and GNOME] desktops to stop staff from accidentally moving
them and not being able to find them again?" Were all those staff logged in
as root, complete system failure is only a clicky-clicky hamfisted secretary
away.

Ever see a Windows user who's accidentally dragged icons out of their Start
menu? (Whoever thought up drag'n'drop menus should be shot.) Ever see a
Windows user who's resized their Start bar to 3px high, or half the screen
height, or shifted it to the other side of the screen? Happens all the time.

Remember, kids: COMPLETE SYSTEM FAILURE is only a clicky-clicky hamfisted
secretary away.

No, that's a different argument. You're telling me that I shouldn't give secretaries root access. Well, duh. But the question isn't whether you give secretaries root access or not, it's whether you give people who *already have/want/need root access* the ability to log in as root to gnome through GDM.

If you can log in as root through a console, a startx, and an xterm, there's no real reason that you shouldn't be allowed to log in as root through GDM. Being root from GDM is no more dangerous or insecure than being root from the console or su.



