Tom Horsley wrote: > On Sat, 06 Dec 2008 16:10:36 +1030 Tim > <ignored_mailbox@xxxxxxxxxxxx> wrote: > >> Compared to logging in graphically as root leaves you much more >> open to security flaws in the graphical systems doing much more >> than you were doing. > > Ah yes, here it is again - GUIS are horribly flawed and ridden > through with security bugs. The point is that you should always run with the least amount of privileges to perform a task¹. Running a desktop session as the root user means that you are running far more code than you would if you ran as a normal user and only used root to execute the programs that need root privileges -- e.g. the system-config-* tools and such. There is also effort being put into separating the GUI part of various system tools from the parts that require root privilege. For example, this allows a normal user to run a date/time configuration tool and only uses root privilege to actually change the system time. It does not mean that the GUI is entirely untrustworthy or unsuitable for use. It just means that best practice is to run as little code with superuser privilege as is needed. > If that is really the case, then no one should be logging into any > GUI at all for any reason since you'll be exposing your own data to > all those security kooties waiting to leap out of the GUIs on them. A little hyperbole with your coffee? ;) ¹ http://en.wikipedia.org/wiki/Principle_of_least_privilege -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The race for quality has no finish line- so technically, it's more like a death march. -- Demotivators (www.despair.com)
Attachment:
pgpk3Prh3EqQN.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
