Linked by Adam S on Wed 25th Sep 2002 02:21 UTC
The Linux community has been buzzing about LindowsOS since its original announcement over a year ago. With Michael Robertson, founder of mp3.com, at the helm, it was heralded as a Linux that could seamlessly run all of your Windows applications. As details became available, the skepticism of the community grew, and with the LindowsOS general release only months away, no one is quite sure what to make of Lindows.com and their product, LindowsOS. We tested Lindows 2.0, and today we present the most in-depth review ever written for this much-talked-about OS, accompanied by a number of shots.
Running As Root
by Ranger Rick on Wed 25th Sep 2002 12:36 UTC

Let me note that while I'm against running as root, I understand the compromises they're making by doing it and in most cases have no problems with them. However,

jbolden1517 says: If you care about security that much why advocate an operating system in which security was an afterthought? For a true desktop system that doesn't have servers installed breaking security is fairly hard. There is no FTP, no telnet, no sshd, no sendmail... Maybe you can take over the box by convincing the user to download some software; but then you could take over any unix box the same way. The only operating systems that will hold up against tricking the administrator are the ones running capability systems like the above.


I have no issue with most of the compromises they make to make the system more usable to the average user. The problem is, the reason people will move to Lindows from Windows is to get away from the rampant problems that MS has, with crashing and with security. Why switch to Lindows at all if Lindows dumbs itself down enough that it's just as susceptible to problems? It'll still be a bit more stable, but 2000 or XP with good hardware (and trusted drivers) is stable enough. On UNIX systems, *even if* they trick the user into doing something, it can only mess up their sandbox.

Richard says: Linux email clients do not execute attachments. If I run as root you don't have some greater advantage sending email viruses to me. It doesn't matter. Email is not a Linux virus vector.

You can compromise a non root account and set up a DDOS server anyway. If you run the DDOS program it doesn't really matter what user you are.

Most Linux attacks occur as a hole in a service such as ssh, apache, dns etc. These are not rooted because the main user is running as root.


Most Linux attacks do not occur as a hole in a service because services are inherently easier to attack, it's because they're the ones with the root privileges the attacker needs to be able to do other things to your system. If a large enough number of users start running Evolution as root, I guarantee hackers (crackers for the pedantic) will start looking for buffer overflows in the attachment-handling code in Evolution and you'll have Windows security all over again.

Linux email clients are not yet a vector because no one's running it at a privilege that it's worth finding a hole. When you change the user so that they're getting input from things over the net that don't go through a filter, bad things *will* eventually happen.

MacOSX did things the right way. Most of the time you run as an "Administrative" user who has rights to 99% of the filesystem, just like root, *BUT* can't write to system stuff where daemons and the like are without putting in the root password. It automatically asks for the password when you're trying to do something you don't have privileges for, and it's no big deal for power users *or* regular users. You really only see it when you install new software.

It's not like I'm complaining that they're running e-mail as root because there's no choice; I'm complaining that they're doing it when there's no reason to, and when it's so easy to *not* run it as root. Hell, the "evolution" link could be a shell script that sudo's to "mailuser" and runs it. I'm cool with giving the user as many rights as he wants by default for messing with the filesystem or whatever. Most users don't mess with those things anyways. The issue is that at the very least, high-visibility things that get a lot of data from untrusted places should not be run as root without a reason. "Everything else is already run as root so why not?" isn't a terribly good reason. =)
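
The wrapper idea from the comment above, sketched as an added example that is not part of the original post and is not LindowsOS code: a launcher that starts the mail client under a dedicated unprivileged account and refuses to fall back to root. The account name `mailuser` and the binary name `evolution` come from the comment; the installed name `mail-launch`, the `MAIL_USER`/`MAIL_BIN` variables and the function names are assumptions, and X display access for the unprivileged account is assumed to be arranged separately.

```shell
#!/bin/sh
# Added example: keep a network-facing mail client from running as root.
# MAIL_USER / MAIL_BIN are assumed names and can be overridden in the environment.
MAIL_USER="${MAIL_USER:-mailuser}"
MAIL_BIN="${MAIL_BIN:-evolution}"

# Decide how to start the client.
#   $1 = uid of the caller
#   $2 = uid of the dedicated account ("" if the account does not exist)
# Prints one of: direct | drop | refuse
launch_mode() {
    caller_uid=$1
    target_uid=$2
    if [ "$caller_uid" != 0 ]; then
        echo direct     # caller is already unprivileged: nothing to drop
    elif [ -z "$target_uid" ] || [ "$target_uid" = 0 ]; then
        echo refuse     # no safe account to drop to; never fall back to root
    else
        echo drop       # caller is root and a non-root account exists
    fi
}

main() {
    # Empty string when the account is missing, so launch_mode can refuse.
    target_uid=$(id -u "$MAIL_USER" 2>/dev/null || true)
    case $(launch_mode "$(id -u)" "$target_uid") in
        direct)
            exec "$MAIL_BIN" "$@" ;;
        drop)
            # -u: run as the dedicated account; -H: use that account's HOME,
            # so attachments and config land outside root's home directory.
            exec sudo -u "$MAIL_USER" -H -- "$MAIL_BIN" "$@" ;;
        *)
            echo "refusing to run $MAIL_BIN as root: no unprivileged account '$MAIL_USER'" >&2
            exit 1 ;;
    esac
}

# Run only when invoked under the (assumed) installed name, so the file
# can also be sourced to inspect launch_mode without starting anything.
if [ "${0##*/}" = "mail-launch" ]; then
    main "$@"
fi
```

With this in place, a flaw in attachment handling is exercised with the dedicated account's rights rather than root's, which is the containment the comment is asking for.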