
Re: root login



On Wed, 2003-04-30 at 12:09, Xavier Bestel wrote:
> True, but nowadays PC are just that: Personal Computers, and if a
> hacker/trojan/virus breaks in, the only important thing on the disk is
> the (only) user's data. He won't care about the system 'cause he can
> reinstall it from scratch if need be. And no, 99% of them won't have
> fresh backups handy.
> To these users, root/user separation is just a bandaid to not hose the
> system by accident, nothing more.

Not quite.  A hacker owning your account could at most do something like
'rm -rf ~/*'.  This is really bad, but you could at least have something
like an unerase mechanism in place at the filesystem level (whether such a
thing is currently available for the existing Linux filesystems is
another story, but I guess my argument still holds).  If the hacker has
root access he can do a 'dd if=/dev/random of=/dev/hda' and then there's
no unerase that helps.

It is still useful to have many levels of security, even if it's only
one person that has an interest in the data stored in the machine.  Some of
the most advanced security approaches for Linux (see for example LIDS,
http://www.lids.org) actually add a security level *over root*, that is,
there are operations that even root cannot do, and that can only be
performed by following a special authentication procedure, normally
possible only directly at the console.

Using such a thing for protecting actions like overwriting your hard
disk, or erasing your log files is reasonable.  Along the same line of
thinking, it is also reasonable to keep the separation between root and
normal users, even if there's only one user, and even if that user
happens to also be root.

Regards,

M. S.
-- 
Martin Soto <soto@informatik.uni-kl.de>
Universität Kaiserslautern - AG Software Engineering
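Added illustration, not part of the thread above: the "level over root" the post describes with LIDS has a modern analogue in the Linux capability bounding set. The script below (assumed to run on Linux with /proc; the capability bit numbers are from the kernel's capability.h) decodes the CapBnd mask of the current context and reports whether append-only log files would hold even against a root-level attacker, which is the case only when CAP_LINUX_IMMUTABLE has been removed from the bounding set.

```shell
#!/bin/sh
# Added example, not from the original post. A process whose bounding set
# lacks CAP_LINUX_IMMUTABLE cannot clear the append-only (+a) or immutable
# (+i) attribute, not even as uid 0: that is the "operation root cannot do"
# that protects log files from being erased.

CAP_LINUX_IMMUTABLE=9   # bit number from include/uapi/linux/capability.h

# cap_in_mask MASKHEX BIT -> prints 1 if capability BIT is in MASKHEX, else 0
# MASKHEX is the hex string as printed in /proc/<pid>/status (e.g. 0000003fffffffff)
cap_in_mask() {
  mask=$1
  bit=$2
  printf '%d\n' $(( (0x$mask >> bit) & 1 ))
}

# current_capbnd -> prints the CapBnd mask of this shell; empty if no /proc
current_capbnd() {
  awk '/^CapBnd:/ { print $2 }' /proc/self/status 2>/dev/null
}

# log_protection_report MASKHEX -> one line saying whether +a logs survive
# a root-level attacker running under this bounding set
log_protection_report() {
  if [ "$(cap_in_mask "$1" "$CAP_LINUX_IMMUTABLE")" = 1 ]; then
    echo "CAP_LINUX_IMMUTABLE present: root can clear +a/+i, logs are only bandaid-protected"
  else
    echo "CAP_LINUX_IMMUTABLE dropped: append-only logs hold even against root"
  fi
}

# Report on the context this script itself runs in (skipped without /proc).
mask=$(current_capbnd) || mask=""
if [ -n "$mask" ]; then
  echo "CapBnd=$mask"
  log_protection_report "$mask"
fi
```

A container or systemd unit started with CAP_LINUX_IMMUTABLE removed from the bounding set will print the "dropped" line; a plain root shell prints "present".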


