Todd Zullinger wrote:
> Les Mikesell wrote:
>> And meanwhile you are so much better off just deleting your own
>> files... I'm sure you'll be thrilled that the OS is still intact
>> and running after that happens. While I agree that this is a 'best
>> practices' thing and probably worthwhile in a multiuser scenario,
>> I'm not sure it's worth the extra effort when the user you normally
>> run as has write access to everything that can't easily be
>> reinstalled anyway.
>
> One important benefit of running with limited privileges even on a
> single user system is that it thwarts attacks that aim to usurp system
> binaries and settings to further spread and damage other systems or to
> secretly steal your data without your knowledge.
>
> While it would suck to lose your files to an attack, it would suck
> even more to have the attack surreptitiously install a key-logger that
> stole all of your passwords while you surfed, or used your system to
> attack others.
>
> Running with the least privilege required to do your work makes plenty
> of sense even in a single user scenario. Just because it doesn't
> prevent the one attack you outlined doesn't make it useless.
>
> I also think that many folks overestimate how much extra effort is
> required to run as a non-root user. So you are asked for an admin
> password every so often if you're configuring your system. Big deal.
> If you spend all day every day configuring your system, then you
> should be savvy enough to use sudo from the command line or slick
> enough to run as root all the time and work out the kinks in those
> uncharted waters.

Not to mention that the real reason why most people run MS Windows as a
Computer Admin is that when MS Windows /does/ ask a Limited User for an
Admin password, it always botches the temporary grant of privileges. The
Gnome desktop handles a temporary grant of privileges almost seamlessly,
whether you're running Gnome Terminal or simply launching an
administrative app from a menu. I imagine that KDE handles such requests
similarly.

Add to it that many MS Windows games are dreadfully ill-behaved.
This is the legacy of MS-DOS thinking that it doesn't just own the
world; it /is/ the world. It is simply not suitable for multi-user,
networked use.

UNIX/Linux has multi-user system security built into every line of its
specification.

Better than that, I've been running /and enforcing/ SELinux' targeted
policy ever since installing FC6. I have no lasting issues.

Temlakos