On 04/16/2010 12:41 AM, Tom Horsley wrote:
> On Thu, 15 Apr 2010 23:42:46 +0800
> Ed Greshko wrote:
>
>> At some point, they'd logout and later, next
>> day...after lunch, login as themselves and now have all sorts of
>> troubles they didn't have before.
>>
> "It is possible for idiots to screw up", is not the same as
> an actual case history of some exploit hitting someone
> only because they were running a GUI app as root. I'm still
> waiting for the pointer to those case histories :-).
>

Well, the point being that in this case some directories were set to 777. This allowed others to, for example, read other people's mail, gain access to other people's personal files, photos, etc.

Yes, it is a "local exploit". But, if some guy had emails about his colleagues he didn't want to get out...or his cache file was filled with trails of visiting porn sites...or... I suppose you'd find that OK...and just chalk it up to "idiots".

But that is one of the reasons for making it hard for folks to login as root from the GUI. To protect them from themselves.

Yes, some people's view is that everyone should have the choice to shoot themselves in the foot. Some people think their children are very intelligent, and well taught so there is no need in the world for "child guard caps" on medicines and other bottles. Sure, it's a pain for older folks with no children in their household...but I think they can request non-guarded bottles at the pharmacy. So, the choice is there to "opt out".

And the choice to opt out with regards to the root login exists. But, it isn't easy to do it for the simple reason that if it is easy to do...the "idiots" would be the first ones to do it.

My reasons for not allowing root access for GUI logins are different than what others have and for what you're looking for proof of. IMHO, my reasons are more fundamental and more likely to have real world impact.

--
Next to being shot at and missed, nothing is really quite as satisfying as an income tax refund. -- F. J. Raymond
Guess Who! http://tinyurl.com/mc4xe7