[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2007-01-19 at 10:35 -0500, H.S. wrote:
> Craig White wrote:
> > possibly know. What is known is that the default environment for root is
> > decidedly different than for users and that is why it is not recommended
> > to run GUI as root. 
> 
> This raises a little question in my mind. How does running a 
> network-config GUI or a package manager GUI (GUIs which ask for the root 
> password) compare with running some other GUI as root?
----
that's a good question.

launching a system-config widget that requires root level access to the
configuration files and daemons necessary to apply the changes is
handled with a 'sudo' like temporary elevation of privileges for that
widget.

running GUI as root provides all privileges to all processes at all
times.

Thus the difference between the two is that running as user and having
to authenticate to the system-config widget satisfies the least amount
of privileges necessary to accomplish the task.

The underlying issue is that many activities - especially in the GUI
environment which launches a myriad of processes that in user root's
case, all have root privileges. Thus browsing to a web site would allow
script (javascript/java/flash/wmv/etc) code to execute unfettered with
the super user privileges intact.

A vast amount of code that comprises the desktop applications available
on Linux has been in rapid development, mostly not audited for the havoc
that can be caused by running as superuser (root) and though it may be
inconvenient to have the system tell you that you don't have privileges
of access, it is the only recommended, hence acceptable means to use a
Linux system. 

For those who wish to enjoy unfettered access by operating as superuser,
at least Windows has been extensively tested for that methodology
because that is the default method of usage of Windows. It has been
proven to be a rather insecure way of using a computer and even
Microsoft acknowledges this little known fact, though they tuck it away
deep in their Knowledge Base...

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_whynot_admin.mspx?mfr=true

Thus, you have the choice to operate either more securely as a user or
more conveniently as a superuser.

Craig


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux