Michael Robertson Says Root is Safe

timothy posted about 9 years ago | from the he-calls dept.

Kez writes "HEXUS.net caught up with Michael Robertson, CEO of Linspire, at the UK launch of Linspire 5. Their interview with Mr. Robertson covers everything from hardware support to software patents, but a comment from Mr. Robertson on using root is perhaps the most interesting: "I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say 'oh, yeah, it is!', but it really isn't." I would imagine a few Slashdotters would dispute that."

1174 comments

Okay now... (5, Insightful)

DarkHelmet (120004) | about 9 years ago | (#12275337)

Let's see
  • Any exploitable program you run as another user will still need a local escalation exploit in order to do anything harmful. Running something like apache as root, and any vulnerability in programs such as phpMyAdmin will make your whole server go poof.
  • rm -Rf / as nonroot will make you give a sigh of relief. As root will be your nightmare.
  • ActiveX and a lot of spyware is contained in windows when running as non-administrator. It's running as admin (like most people do), that causes the majority of problems with things.
This kind of talk is pandering to the lowest common denominator of user. Honestly, I feel users SHOULD learn a little bit about privileges before being handed the machine, and clicking on that file attachment.

I know Slashdot attempts to soundbite things just like any other modern news media, so I'll quote:

Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.

MySQL, for instance, runs as a separate user. If I so desired, I could limit the login / password for my MySQL account to only allow row INSERTs and SELECTs, but no DELETEs or DROPs. If someone were to break into my account, they could see my data, but at least they couldn't delete from the table. As root, they could stop and start the actual service, and wipe out the whole directory for that matter.

I generally see what he's saying about data being king. But if your data is that important, you'll have other safeguards for protecting it, typically via (dun dun dun), user management! For instance, keep your accounting files under a different user, home directory chmodded to 700. Stuff like that.

Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit.

Cars happen to have seat belts. Roads also have speed limits, so this analogy is flawed.

The best way for Linux to break into the market isn't to emulate windows entirely. The best way is to take the best of what windows has to offer, and augment it with the best of what Linux has to offer. After all, look at Firefox. Firefox didn't choose to adopt ActiveX, or adopt Microsoft's proprietary style transitions, or render CSS in the same broken way, right? Neither should Linux, or in this case, Linspire.

Excellent commentary... (1, Interesting)

ta bu shi da yu (687699) | about 9 years ago | (#12275467)

... however, your comment about FireFox not adopting ActiveX, I would put to you, is actually not a good thing. Many, many Microsoft software developers are exploiting this, and without ActiveX compatibility they aren't going to migrate to FireFox very quickly (if at all).

On a side note: this is sort of like Word and Excel macros and OpenOffice.org. Without them, Oo.org is missing quite a few companies.

Re:Okay now... (5, Insightful)

malfunct (120790) | about 9 years ago | (#12275489)

Even if user data is the most important thing, if you run as root on a multi user box you put every user's data at risk instead of only your own.

The other thing, and this isn't easy to do in many OS's, that would be nice is granular escalation of privilege. As you point out in your SQL example, if you need someone to do inserts you shouldn't have to allow them to delete.

Re:Okay now... (1)

HiThere (15173) | about 9 years ago | (#12275512)

This is why I don't consider Linspire to actually be a Linux variant, though admittedly it's quite close, and can be turned into a true Linux with minimal effort (but why bother?).

He really doesn't understand why certain choices are bad. It's not malice, it's ... well, a focus on other areas, coupled with a conviction that since he knows he's a smart businessman, his technical choices must also be right.

Re:Okay now... (5, Informative)

Phleg (523632) | about 9 years ago | (#12275526)

rm -Rf / as nonroot will make you give a sigh of relief. As root will be your nightmare.

I dare you to try this. Dare.

Note: you may wish to back your home directory up first. Preferably somewhere not under /, or using with someone else's permissions.

Re:Okay now... (4, Insightful)

bfields (66644) | about 9 years ago | (#12275534)

Any exploitable program you run as another user will still need a local escalation exploit in order to do anything harmful. Running something like apache as root, and any vulnerability in programs such as phpMyAdmin will make your whole server go poof.

He's not talking about daemons--presumably apache, mysql, etc. are still run as a separate user under Linspire, as they are in Debian. There's no reason to change that, since those users don't have usernames that people need to enter.

He's talking about the user account that's used by the real physical user of a desktop system.

In that case, no local exploit is needed--the attacker either uses sudo, or just sniffs the password the next time the user uses su (or whatever graphical equivalent pops up next time they try to upgrade some software).

rm -Rf / as nonroot will make you give a sigh of relief. As root will be your nightmare.

For all the talk about it, I don't think I've ever actually known anyone to do the classic accidental rm -Rf / as root. Although I have heard of somewhat similar catastrophes. I doubt the typical gui/finder-like interface makes this so easy, but perhaps I'm wrong. In any case, as he points out, in the case of a single-user desktop, the most important data is in /home/joeuser. Once "joeuser" has deleted that, they're almost back to square one anyway.

--Bruce Fields
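
An added example, not part of any comment in this thread: a small model of the Unix owner/group/other permission check that computes what a compromised account can destroy, which is the distinction DarkHelmet's "chmodded to 700" point and Bruce Fields' /home/joeuser point both turn on. The tree, the uids 1000 and 1001, and every path except /home/joeuser are constructed for illustration.

```python
import stat
from dataclasses import dataclass
from posixpath import dirname

R, W, X = 4, 2, 1


@dataclass(frozen=True)
class Node:
    uid: int
    gid: int
    mode: int  # file type bits | permission bits, as in st_mode


def allowed(node, uid, gids, want):
    """Classic owner/group/other check. uid 0 bypasses read and write."""
    if uid == 0:
        # Root still cannot execute a regular file that has no x bit at all.
        if want & X and not stat.S_ISDIR(node.mode):
            return bool(node.mode & 0o111)
        return True
    if uid == node.uid:
        bits = (node.mode >> 6) & 7
    elif node.gid in gids:
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    return bits & want == want


def reachable(tree, path, uid, gids):
    """Search (x) permission is required on every ancestor directory."""
    parent = dirname(path)
    while True:
        if not allowed(tree[parent], uid, gids, X):
            return False
        if parent == "/":
            return True
        parent = dirname(parent)


def can_read(tree, path, uid, gids):
    return reachable(tree, path, uid, gids) and allowed(tree[path], uid, gids, R)


def can_write(tree, path, uid, gids):
    return reachable(tree, path, uid, gids) and allowed(tree[path], uid, gids, W)


def can_delete(tree, path, uid, gids):
    """Unlinking depends on the parent directory, not on the file's own mode."""
    if path == "/":
        return False
    parent = tree[dirname(path)]
    if not reachable(tree, path, uid, gids):
        return False
    if not allowed(parent, uid, gids, W | X):
        return False
    # Sticky directory (e.g. /tmp): only the file's or directory's owner may unlink.
    if parent.mode & stat.S_ISVTX and uid != 0:
        return uid in (tree[path].uid, parent.uid)
    return True


def blast_radius(tree, uid, gids):
    """Paths this identity can overwrite or remove (simplified: ignores ACLs,
    capabilities, immutable flags and read-only mounts)."""
    return sorted(p for p in tree
                  if can_write(tree, p, uid, gids) or can_delete(tree, p, uid, gids))


D, F = stat.S_IFDIR, stat.S_IFREG
# Constructed sample tree: joeuser is uid 1000, a separate accounting user is uid 1001.
TREE = {
    "/":                          Node(0, 0, D | 0o755),
    "/etc":                       Node(0, 0, D | 0o755),
    "/etc/passwd":                Node(0, 0, F | 0o644),
    "/home":                      Node(0, 0, D | 0o755),
    "/home/joeuser":              Node(1000, 1000, D | 0o700),
    "/home/joeuser/thesis.doc":   Node(1000, 1000, F | 0o600),
    "/home/accounting":           Node(1001, 1001, D | 0o700),
    "/home/accounting/ledger.db": Node(1001, 1001, F | 0o600),
    "/tmp":                       Node(0, 0, D | 0o1777),
    "/tmp/acct-export.csv":       Node(1001, 1001, F | 0o644),
}

if __name__ == "__main__":
    for name, uid in (("joeuser", 1000), ("root", 0)):
        print(name, "can destroy:", blast_radius(TREE, uid, {uid}))
```

Run as joeuser, the result is limited to that user's own home directory and the world-writable /tmp; run as uid 0, it is every path in the tree, including the accounting user's files.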

Re:Okay now... (1)

crowemojo (841007) | about 9 years ago | (#12275541)

For all the above reasons as well as several others, I can think of no more effective way that Michael Robertson could have made me refuse to take him and any products that he is responsible for seriously. We are talking about fundamental, basic security concepts that are obviously flying over Mr. Robertson's head.

Re:Okay now... (1, Insightful)

As Seen On TV (857673) | about 9 years ago | (#12275546)

Any exploitable program you run as another user will still need a local escalation exploit in order to do anything harmful.

That's fine, but he has a point. How much actual real-world good does that do? It does plenty of theoretical good, but so does making the speed limit 10 MPH. By far the better solution is to make sure that the system is safe from remote attacks.

rm -Rf / as nonroot will make you give a sigh of relief.

That sounds like a workaround to make up for a design flaw in the command-line interface to me.

ActiveX and a lot of spyware is contained in windows when running as non-administrator.

I don't know the first thing about spyware or Active X or Windows, so I certainly don't care. But since this isn't Windows we're talking about here, I fail to see how this is applicable.

Honestly, I feel users SHOULD learn a little bit about privileges before being handed the machine

Well, fortunately you're not making the decisions. The "users should have to learn" mentality is what keeps computers complicated and difficult to use.

The best way is to take the best of what windows has to offer, and augment it with the best of what Linux has to offer.

I think you'd have a hard time convincing anybody that things like "rm -Rf /" and "users SHOULD learn" and "limit the login / password for my MySQL account to only allow row INSERTs and SELECTs" and "home directory chmodded to 700" is the best of anything.

Mr. Lindows is just stirring shit as usual... (4, Insightful)

garcia (6573) | about 9 years ago | (#12275339)

Michael: I think, like everything, it's a question of balance. Ease of use, versus security. I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.

Technically it's gaining control over your system without you knowing it and running exploitable programs as root makes that easier. If the hackers get access to your libraries, programs, etc, they can do far more damage to you by sniffing your data w/o your knowledge. Hackers aren't going to just steal your data and run. If they can gain easy access to the system they are going to modify it and snoop everything and keep getting what they came for.

Michael: Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit. I DO see it's an added pain in the ass when grandma tries to change her wallpaper, and it tells her "you don't have root privileges". What are you talking about, man? I'm just trying to use my computer, or change the clock, or any one of a hundred other things. So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out - In this instance, a machine that's run with the root user could be compromised, in this instance one couldn't be compromised.

I am in no way a master of Linux/UNIX and I never claimed to be but even I know that if you are exploited while running something as root more damage can be done to a lot more services, files, etc, than if you were just running it as a user. It's not theoretical. It's fucking very real and it's idiots like this guy that make it easier and easier for more zombie boxes to get out there. Look at Windows... Yeah, no, we don't need Linux to end up like that too.

I want to know who the hell this guy is talking to that don't give him a valid argument. I have a feeling they are and he isn't listening.

Michael: I know the hardcore geeks feel differently, that's fine. When somebody installs Linspire, we say "do you want to set up users, yes or no", we give them the choice, right there when they start up for the first time. If they want to set up multiple users, they're welcome to do that, but we don't force them to. That's the difference we have.

It shouldn't even be a choice. Prompt for a password (like OS X) when something that needs root privileges runs. If it has succeeded with the Mac then it can with Linspire users too. If you are so concerned about making the users have a positive Linux experience rewrite the dialog boxes when they ask for "root privileges" so that they are human readable. Don't just eliminate it and say that there's no valid reason not to. Taking the easy way out doesn't solve the problem.

Since when is Michael Robertson a trusted source? He's an asshole that's just into pushing the envelope and making waves (remember Lindows and MP3.com?) Right now he's doing exactly the same thing. "See, those Linux users are trying to make it hard for the layperson to use "their" OS and I'm trying to make it easy. Listen to me! I'm trustworthy!"

Re:Mr. Lindows is just stirring shit as usual... (2, Insightful)

Owndapan (789196) | about 9 years ago | (#12275442)

I DO see it's an added pain in the ass when grandma tries to change her wallpaper, and it tells her "you don't have root privileges"

Correct me if I'm wrong, but I don't remember ever requiring root access to change your desktop wallpaper.

Re:Mr. Lindows is just stirring shit as usual... (4, Funny)

0racle (667029) | about 9 years ago | (#12275455)

It's the root window, it must require root privileges to change.

Re:Mr. Lindows is just stirring shit as usual... (1)

Mysticalfruit (533341) | about 9 years ago | (#12275520)

What? If I'm in Gnome and I right click on the background and choose "Change Wallpaper" I can pick any JPG/PNG/etc I want and it'll set that as my background.

I don't remember root privileges getting involved at all.

Full article link and observations on root (5, Insightful)

ZiZ (564727) | about 9 years ago | (#12275343)

An easier-to-read 'formatted-for-print' version is here [hexus.net] . (Not here [hexus.net] , as I tried after decoding the base64-encoded GET, but that's beside the point.)

Not running as root works like this. Your data is no more inherently safe than it is when you /are/ running as root, but nobody ELSE'S data will fall prey to your screwup, nor will the central integrity of the system. (For granny, this means that grandson Billy can ssh in, recover this morning's backups from the write-once partition, and she can keep going, having lost minimal data.)

Running as root is like pointing a loaded gun at everyone just in case they're a criminal.

Not running as root is like fastening your seat belt. Sure, you're not intending to get in an accident...

Running as root is like driving down the highway with your hood open and your oil cap off.

Not running as root is like locking your door when you leave.

Running as root is like posting to slashdot without reading TFA. :)

Re:Full article link and observations on root (5, Funny)

nxtr (813179) | about 9 years ago | (#12275427)

Running as root is like posting to slashdot without reading TFA. :)

Exactly; you get what you want done faster, like get the much coveted +5 Funny.

Re:Full article link and observations on root (1, Funny)

IthnkImParanoid (410494) | about 9 years ago | (#12275428)

Metaphors should be like driving: a privilege, not a right. Reading those was like stuffing strips of colored paper into my bleeding eye sockets and calling it a ticker-tape parade.

What a great question! (1)

ScentCone (795499) | about 9 years ago | (#12275344)

Coming from the Windows side, I hear this warning constantly, but rarely hear about the practical fallout. OK, splain, Lucy.

Re:What a great question! (4, Insightful)

spectre_240sx (720999) | about 9 years ago | (#12275488)

One word: Spyware. You run as Administrator, it hoses your machine. If developers would actually write software so that users didn't have to run as Admin just to open up notepad, then spyware wouldn't be anywhere near as big a problem as it is right now.

Now take that one step further and consider a malicious virus being accidentally executed by the same user that thought Bonzi Buddy was cute. Spyware is bad, but that virus might, oh... kill all your .jpg .doc and .mp3 files.

Now how do you feel about running as Administrator?

Uhhh (1)

elid (672471) | about 9 years ago | (#12275345)

So that IE users don't end up downloading + installing every ActiveX spyware app in existence and messing up the entire computer?

Re:Uhhh (0)

Anonymous Coward | about 9 years ago | (#12275407)

The difference being that instead of having it automatically done, they get trained to type in their password every time it asks, rather than clicking "yes"?

Yeah. That's nice. I'm sure that has no chance of being abused.

Re:Uhhh (2, Informative)

ink (4325) | about 9 years ago | (#12275447)

Unfortunately, a normal user can install any browser plugin that they want to. Running as root would simply allow the user to install plugins for other users as well. For the curious, you can install them in $HOME/.mozilla/plugins (among other locations). Running as a normal user will not prevent your box from becoming a zombie, unless you have some kick-ass SELinux rules in place.

Wow (3, Insightful)

bmw (115903) | about 9 years ago | (#12275347)

You've got to be kidding me. Is this just a big troll or is this guy actually that ignorant? Who the hell has he been talking to anyway? The reasons for doing day-to-day things as a non super user is one of the most basic security concepts ever. Even my parents understand this. The reason you don't run everything as root is to avoid COMPROMISING THE ENTIRE MACHINE if some random application has a vulnerability. You don't want each and every little program you run to potentially allow someone to gain full access to everything on your computer. Not to mention protecting the computer from the application itself. I don't want some poorly written piece of software accidentally deleting important system files or some other user's data. And how about protecting the system from the user themselves? How many people here have accidentally rm'd a bunch of important system files (or all of / for that matter) on accident? I know I have and I consider myself a very careful person when it comes to such things.

C'mon... How fucking retarded can you be?

He does _almost_ make a good argument for his case though...

Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.

That statement does have some merit but it definitely isn't always true and even then, I would much rather compromise only my data than have someone gain access to the entire system. If they only get my data, that's all they get. If they gain access to the entire system there is no limit to what they can do... What if they want to setup a very well hidden rootkit and snoop around on my box (watching traffic, capture credit cards, etc. etc.) for as long as possible? Not to mention multi-user systems... A compromised super user gives them full access to EVERYONE's stuff.

And of course, after he says something nearly sensible he goes on to completely shoot himself in the foot by making another completely ridiculous challenge...

So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out - In this instance, a machine that's run with the root user could be compromised, in this instance one couldn't be compromised.

What world does this guy live in? Is he completely surrounded by idiots? Remind me never to go anywhere near Linspire.

Re:Wow (1)

dougmc (70836) | about 9 years ago | (#12275542)

That statement does have some merit but it definitely isn't always true and even then, I would much rather compromise only my data than have someone gain access to the entire system.
The statement has a lot of merit. But even so, this merit does not make `running as root' as safe as `not running as root', because `running as root' has additional dangers.

Of course, as a general rule of thumb, once you have access to a box, there's almost always a way to `hack root'. This assumes that it's a knowledgeable person who's gotten in though -- in most cases, it's either a clueless script kiddie, or even more likely some sort of worm or automated scanner.

Still, only an idiot would claim that `running as root' is as safe as `not running as root' -- at least without adding a long list of qualifiers to that statement.

What world does this guy live in? Is he completely surrounded by idiots? Remind me never to go anywhere near Linspire.
Oh bmw -- don't ever go anywhere near Linspire.

As for what he said, remember who his target audience is -- the target audience for Linspire is idiots. Or at least those not really familiar with computers. Microsoft and AOL go after the same target audience as well.

maybe first (-1, Offtopic)

Anonymous Coward | about 9 years ago | (#12275348)

maybe first?

My Experience with Linspire (0, Interesting)

Anonymous Coward | about 9 years ago | (#12275349)

I work as a consultant for several fortune 500 companies, and I think
I can shed a little light on the climate of the open source community
at the moment. I believe that part of the reason that open source
based startups are failing left and right is not an issue of marketing
as it's commonly believed but more of an issue of the underlying
technology.

I know that that's a strong statement to make, but I have evidence to
back it up! At one of the major corps(5000+ employees) that I consult
for, we wanted to integrate the shareware version of Linux into our
server pool. The allure of not having to pay any restrictive licensing
fees was too great to ignore. I recommended the installation of
several boxes running the new 2.4.9 kernel, and my hopes were high
that it would perform up to snuff with the Windows 2k boxes which
were(and still are!) doing an AMAZING job at their respective tasks of
serving HTTP requests, DNS, and fileserving.

I consider myself to be very technically inclined having programmed in
VB for the last 8 years doing kernel level programming. I don't
believe in C programming because contrary to popular belief, VB can go
just as low level as C and the newest VB compiler generates code
that's every bit as fast. I took it upon myself to configure the
system from scratch and even used an optimised version of gcc 3.1 to
increase the execution speed of the binaries. I integrated the 3
machines I had configured into the server pool, and I'd have to say
the results were less than impressive... We all know that linux isn't
even close to being ready for the desktop, but I had heard that it was
supposed to perform decently as a "server" based operating system. The
3 machines all went into swap immediately, and it was obvious that
they weren't going to be able to handle the load in this "enterprise"
environment. After running for less than 24 hours, 2 of them had
experienced kernel panics caused by Bind and Apache crashing! Granted,
Apache is a volunteer based project written by weekend hackers in
their spare time while Microsoft's IIS has an actual professional full
fledged development team devoted to it. Not to mention the fact that
the Linux kernel itself lacks any support for any type of journaled
filesystem, memory protection, SMP support, etc, but I thought that
since Linux is based on such "old" technology that it would run with
some level of stability. After several days of this type of behaviour,
we decided to reinstall windows 2k on the boxes to make sure it wasn't
a hardware problem that was causing things to go wrong. The machines
instantly shaped up and were seamlessly reintegrated into the server
pool with just one Win2K machine doing more work than all 3 of the
Linux boxes.

Needless to say, I won't be recommending Linux/FSF to anymore of my
clients. I'm disappointed that they won't be able to leverage the
free cost of Linux to their advantage, but in this case I suppose the
old adage stands true that, "you get what you pay for." I would have
also liked to have access to the source code of the applications that
we're running on our mission critical systems; however, from the looks
of it, the Microsoft "shared source" program seems to offer all of the
same freedoms as the GPL.

As things stand now, I can understand using Linux in academia to
compile simple "Hello World" style programs and learn C programming,
but I'm afraid that for anything more than a hobby OS, Windows
98/NT/2K are your only choices.

Re:My Experience with Linspire (0)

Anonymous Coward | about 9 years ago | (#12275437)

...
Which is nice.

MOD DOWN (0, Offtopic)

XanC (644172) | about 9 years ago | (#12275439)

Random anti-Linux gibberish; nothing to do with this (or any, really) topic.

Re:My Experience with Linspire (1)

truesaer (135079) | about 9 years ago | (#12275453)

Is this post a joke? I am usually found defending windows around here against overly harsh criticism, but this post makes absolutely no sense. Every (or nearly every) major company uses linux systems already, linux is not shareware, you don't put experimental systems into a production server pool, of COURSE linux has SMP and journaled filesystem support, etc.


I have to assume this is trolling...

Re:My Experience with Linspire (1)

rbarreira (836272) | about 9 years ago | (#12275565)

Well, of course it is a joke/troll. You just had to notice the part where he says that VB code is every bit as fast as C code...

dear sir (0)

Anonymous Coward | about 9 years ago | (#12275492)

You suck. You've got nothing better to do than copy and paste stupid trolls to slashdot? This suggests one of two possibilities:

  1. You are at home and in a refractory period and are just killing time until you can get back to masturbating to internet porn.
  2. You work a job where your employer has stupidly given you internet access that you abuse to post idiotic shit to slashdot. If this is the case, you are only dragging down the economy by getting paid to be non-productive and should be shipped off to a third world country in some sort of "productive workers for our slacking assholes" exchange program.

Before you counter with some sort of "well what about you, writing this stupid reply" type argument I should point out that I am only wasting my amazing intellect on a fuckhat like yourself because I'm currently waiting for several servers to come back up. It's either this or head off to the bathroom with my powerbook to masturbate to internet porn.

Re:My Experience with Linspire (1, Informative)

Anonymous Coward | about 9 years ago | (#12275506)

why are you reposting a two year old comment from some bbs here?

http://www.zone-h.com/en/forum/thread/forum=3/thread=19443

rm -fr / (0)

Anonymous Coward | about 9 years ago | (#12275350)

Some users will type in anything you tell them.

posting rules (-1, Offtopic)

Anonymous Coward | about 9 years ago | (#12275354)

1st

Agreed (2, Insightful)

Anonymous Coward | about 9 years ago | (#12275356)

I would agree. The OS is not the problem, it's the user. The same thing applies to Windows. Using Windows with the Administrator account is perfectly safe if you're not an idiot. I don't see why it's unsafe to do so on a *nix system.

Re:Agreed (1)

IthnkImParanoid (410494) | about 9 years ago | (#12275472)

is perfectly safe if you're not an idiot.
How many people in the world does that describe 100% of the time? The novice sysadmin protects the system from other people's fuckups; the master protects it from his.

Re:Agreed (0)

Anonymous Coward | about 9 years ago | (#12275564)

In my 12 years of using computers, I've never pulled the equivalent of an rm -rf . /, on either a *nix or Windows system (I said equivalent). I would say my computer has more to fear when I decide it's time to fuck around inside for the third time that week. :-)

who cares (-1, Offtopic)

Anonymous Coward | about 9 years ago | (#12275357)

who cares

He can run as root (5, Funny)

Anonymous Coward | about 9 years ago | (#12275362)

But I want to know his IP address.

This is a sign of the real problem... (4, Insightful)

YankeeInExile (577704) | about 9 years ago | (#12275365)

While we all want to start lambasting him for his obvious lack of understanding of the obvious, I think it is actually endemic of the real problem.

People do not understand anything about computer security.

They do not understand how to limit exposure.

They do not understand the vectors of software virus infection.

They do not understand the true problems of viral infection (that is: they want to eliminate the side effects, but do not care about the primary problem).

Mocking people for being clueless does not actually make them smarter, nor does it impress them with your 31337 Haxor Skillz.

Re:This is a sign of the real problem... (1)

Bastian (66383) | about 9 years ago | (#12275570)

On the other hand, mocking a guy who has his own Linux distribution for saying one of the most boneheaded things imaginable about computer security in an interview is just giving him what he was asking for.

Most people don't even understand the concept of privileged vs. non-privileged accounts - keep in mind that this is a concept that was first introduced to the world of Windows only a few years ago, and even then Microsoft hasn't exactly tried very hard to explain to people what their Administrator account is. (And Mac OS does everything it can to hide root's existence.) And because of that, I don't make fun of normal folks who don't understand superuser accounts and how they relate to computer security. I try to explain the concept in the simplest terms possible, though I don't even try that very hard because I realize it's a fool's errand. (I can't even get people I know to quit running every random *.exe that's emailed to them.)

But when a modern geek, especially a linux geek, starts claiming that there's no reason to avoid doing everything as root, even if he is talking about desktop systems, I reserve the right to think he's an idiot, and say so.

Truth (0)

Anonymous Coward | about 9 years ago | (#12275368)

It is about as secure as windows.

mirror and reason why root is unsafe (1)

winkydink (650484) | about 9 years ago | (#12275369)

root is unsafe because it is very easy to shoot one's self in the foot when root. Consider the trivial example of typing rm *, or rm -rf * in the wrong dir.

Mirror here [networkmirror.com]

Re:mirror and reason why root is unsafe (0)

Anonymous Coward | about 9 years ago | (#12275454)

Most users will never see a command prompt.

At least, they won't on any system that is going to succeed.

Re:mirror and reason why root is unsafe (1)

winkydink (650484) | about 9 years ago | (#12275490)

Many users like to explore and click on random things. Same potential for disaster.

Re:mirror and reason why root is unsafe (0)

Anonymous Coward | about 9 years ago | (#12275563)

I think everyone with an IQ above room temperature learns not to click on random things pretty early on.

I mean, I was in the 9th grade when I learned what "INIT HELLO" did to an Apple ][ disk. Since then, I've either chosen not to indulge my curiosity in such matters, or I RTFM first.

If you make a system idiot-proof, Mother Nature will build a better idiot. I am leaning toward Robertson's "Don't bother with user permissions" philosophy, at least for single-user machines. Multiuser machines and servers are a different matter entirely.

rm -rf / (-1, Redundant)

Anonymous Coward | about 9 years ago | (#12275371)

give good old rm -rf / a try as root and non root and see how you prefer

Of course it is safe... (0)

Anonymous Coward | about 9 years ago | (#12275373)

sure running as root is safe, what's your ip again?

How about... (1)

screensaver400 (652819) | about 9 years ago | (#12275374)

not allowing the installation of software without root password? How about protecting certain mission-critical parts of the system? Might those be good reasons not to use root as a main account?

It must be true (-1, Redundant)

Anonymous Coward | about 9 years ago | (#12275377)

It came from a CEO.

root (1)

timothv (730957) | about 9 years ago | (#12275381)

Running as root can lead to the immediate destruction of your filesystem and potentially hardware by a malicious program, while running as a restricted user can only get your documents deleted or your system ground to a halt. The people who code Linspire are either too lazy or incompetent to implement a Mac OS X-like security system, where the user inputs their password for operations that require root.

Re:root (1)

pegr (46683) | about 9 years ago | (#12275433)

Running as root can lead to the immediate destruction of your filesystem and potentially hardware by a malicious program,

(emphasis mine)

Shenanigans! Shenanigans Officer Barbrady!

Re:root (1)

ajlitt (19055) | about 9 years ago | (#12275440)

Because, of course, Steve Jobs himself invented the concept of the super-user command, and the rest of the UNIX using world has yet to catch up to this amazing accomplishment.

Note to self. Never use Linspire. (0)

Anonymous Coward | about 9 years ago | (#12275395)

I think this is possibly the dumbest thing I have seen. I always thought the implications were obvious.

Hmm... Root can write to ANY file? Open ANY Port?

Why even have security on a system no one has ever given a good reason that it works.. I mean look at all the compromised systems out there. Security Clearly doesn't work.

rm -rf ./ (1, Redundant)

ruckc (111190) | about 9 years ago | (#12275396)

this should be good enough reason right here not to run as root.

rm -rf ./

and btw, i didn't press the . hard enough cause i was typing really fast so it ended up looking like this:

rm -rf /

oh and btw, /boot & /etc were the first things rm'ed

RTFA (1)

Lord Bitman (95493) | about 9 years ago | (#12275423)

Oh no! Not /boot and /etc! How will I ever replace those?!

Thinking of modding me down? You need to RTFA too.

Re:RTFA (0)

Anonymous Coward | about 9 years ago | (#12275456)

Heh, I wonder why it's so common for the trolls to recommend they not be modded down? Do they actually expect people to fall for it?

Another pearl of wisdom from Lord Shitman.

Re:rm -rf ./ (1)

LordSnooty (853791) | about 9 years ago | (#12275514)

and btw, i didn't press the . hard enough cause i was typing really fast so it ended up looking like this: rm -rf /

Well, that's your own fault. You should get into the habit of using absolute pathnames when rm-ing, and stay away from the handy shortcuts.

Simple rebuttal (1)

UnknowingFool (672806) | about 9 years ago | (#12275399)

I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer.

This reminds me of a shirt I once saw:
"Daddy, what does 'Formatting C:' mean?"

Yes that was in DOS, but you get the point.

gfdgfd (-1, Offtopic)

Anonymous Coward | about 9 years ago | (#12275403)

FIRST POST

Support contracts? (0)

Anonymous Coward | about 9 years ago | (#12275411)

Well, doesn't his company sell support contracts to joe users? Keeping this in mind, wouldn't this qualify as taking care of job security?

No, wouldn't want to be the tech support person either.

Define "Secure" (5, Interesting)

Stibidor (874526) | about 9 years ago | (#12275417)

In the article, Michael defines security as the (in)ability to access personal data. In that respect, he's probably right. But I think he oversimplifies the real question of allowing the users to run under the one account that could really screw up their machine.

He argues that just because we could possibly drive our cars into brick walls doesn't mean we should all be limited to driving at 10 mph. I don't believe the likelihood of even the least skilled driver actually ramming into a brick wall is quite as much as my grandma's likelihood of completely screwing up her computer were she granted root access. I've seen her mess up her Windows machine pretty nicely.

challenge accepted (2, Insightful)

FidelCatsro (861135) | about 9 years ago | (#12275425)

"I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say 'oh, yeah, it is!', but it really isn't."
rm -rf /
chmod 777 -R /

amongst a high seas of other things that make running as root unsane on the "woops scale"
as to be in danger from a remote source, well if you make a connection an open connection to someone you don't know when you root then ...

Re:challenge accepted (0)

Anonymous Coward | about 9 years ago | (#12275448)

I clicked submit not preview accidentally. Grammar Trolls ahoy.

Re:challenge accepted (1)

lasmith05 (578697) | about 9 years ago | (#12275549)

I love how everyone keeps using rm -rf / example. SERIOUSLY who is going to ACCIDENTALLY type that. Maybe if you were in dos you MIGHT accidentally type format c: but you would still get a warning message. Unless maybe you type format c: |y and once again who would accidentally type that? If you give someone your root level l/p password to your machine from a remote source then you are just asking for trouble.

Ok, show of hands (0)

Anonymous Coward | about 9 years ago | (#12275432)

Who didn't see this coming?

What, so the name "Lindows" didn't clue you in from the start?

I use root every time I log in... (0)

Anonymous Coward | about 9 years ago | (#12275444)

But then again, unlike everyone else, I'm not an idiot!!!!!!1

On a serious note, he really shouldn't have said that. I know he's just defending a practice that's encouraged natively by his product, but saying something like that kills a lot of credibility instantly.

Running as root is bad because it unnecessarily allows room for user (or program) error which can often have devastating results.

It also allows normal security glitches in programs the same access to cause such undesirable effects. The stupid buffer overflow in Mozilla just went from erasing your home directory (full of scanned comic books and editor preferences) to erasing 5 years of corporate data. Woops!

Not to mention that at one point or another, everyone screws up a command. Be it typing rm -Rf /usr/ instead of /usr/samba/ (mind fart), or accidentally hitting enter before you can complete "kill 14914", and ending up with "kill 1"... nasty results, stupidly unnecessary.

These things can't be prevented entirely, but running as a non-privileged user goes a long way, not to mention it helps encourage proper access and operational policies in the system.

Ignorance (4, Insightful)

El (94934) | about 9 years ago | (#12275446)

This is exactly the kind of attitude that I'd expect from someone that learned everything they know about computers from working with MS-DOS... he can't seem to conceive of the notion that there might be more than one person's data on a single machine!

Yeah... (1)

Aldric (642394) | about 9 years ago | (#12275551)

Just how often is there more than one person's data on a machine? At home my computer is mine, at work everyone has their own machine. Well, my coworker checks my email while I'm away from the office for a few days to make sure no disasters are missed and I do the same for him but that doesn't count. It's not 1980 anymore - most computers are single user machines.

Chuckle (1)

The Bungi (221687) | about 9 years ago | (#12275450)

Let's just wait until he has 100 million customers (98% of which will be totally clueless if the Windows user base is any indication) and we'll see if it's such a good idea.

Perfect Example (1, Informative)

Apreche (239272) | about 9 years ago | (#12275464)

So every user on a system usually can make files in /tmp. Let's say that a malicious user of the system goes into /tmp and makes an executable file named ls. That executable file contains the code which opens up a backdoor onto the system via netcat. If you were running as a normal user and ran ls in /tmp then you would not open up any backdoor. In fact, you might realize what's going on and be able to fix it. If you were root however, the backdoor would open wide and let the whole world have a root shell on your machine. This particular problem can be averted by removing . from $PATH of all users including root. But does Linspire do this? I don't know for sure, but I doubt it.

Linspire, Linux dumbed down for dummies by dummies.
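The `.`-in-`$PATH` problem described in the comment above can be checked for mechanically. The following is an added example, not part of the thread or of Linspire: `audit_path` is a hypothetical helper name, and the sample PATH at the bottom is constructed. It flags the entries that let a file planted in the current or a shared directory run in place of the real command.

```shell
#!/bin/sh
# Added example: audit a PATH-style string for entries that let a planted file
# shadow a system command. audit_path is a hypothetical helper name.
# Prints one finding per line; exit status is 0 only when every entry is safe.

audit_path() {
    rest="$1:"            # trailing ':' sentinel so the last entry is split off too
    unsafe=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}     # text before the first ':'
        rest=${rest#*:}       # everything after it
        if [ -z "$entry" ]; then
            # POSIX: an empty PATH entry means "search the current directory"
            echo "UNSAFE empty entry (current directory)"
            unsafe=$((unsafe + 1))
        elif [ "${entry#/}" = "$entry" ]; then
            # No leading '/': resolved relative to the cwd, '.' included
            echo "UNSAFE relative entry: $entry"
            unsafe=$((unsafe + 1))
        elif [ -d "$entry" ]; then
            # Absolute directory: flag it when any user may create files in it.
            # In 'ls -l' mode strings, character 9 is the other-write bit.
            case $(ls -ldL "$entry" 2>/dev/null) in
                d???????w*)
                    echo "UNSAFE world-writable directory: $entry"
                    unsafe=$((unsafe + 1)) ;;
            esac
        fi
    done
    [ "$unsafe" -eq 0 ]
}

# Constructed sample: '.', a shared directory, and a trailing ':' (empty entry).
SAMPLE_PATH="/usr/local/bin:/usr/bin:.:/tmp:"
audit_path "$SAMPLE_PATH" || echo "sample PATH has unsafe entries"
```

Running `audit_path "$PATH"` from root's own shell shows whether that account's search path has the same exposure.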

IRC (2, Informative)

laurent420 (711504) | about 9 years ago | (#12275475)

default dcc save directory is ~ . many users of irc are accustomed to permitting auto accept of files. someone sends you a .profile or .bashrc . .profile is sourced on every login. hmm i wonder what happened to all my filesystems.

It's dangerous because... (1)

jmil (782329) | about 9 years ago | (#12275478)

...lots of people have a blank password. I've seen it countless times in a windows environment.

Let's say user A has a blank password, and runs as root. Said user also turns on SSH. Say hello to remote access for anyone who knows your IP, and goodbye to your computer (unless he simply installs a trojan as root... what fun!).

Interestingly, OS X allows you to enable and disable the ability to login as root as needed. Logging in as root by default is disabled (though commands can obviously be run as root with su).

A short list of reasons to NOT be root (2, Interesting)

davidwr (791652) | about 9 years ago | (#12275482)

1) It protects you from yourself. Nobody's perfect all the time.
2) It limits damage from exploits. Go ahead and be root if you aren't networked and never insert media, or are running a perfectly-secure OS.
3) it protects you from another user's malice. N/A for single-user machines.

Examples of when it is OK to run as root:
1) many non-networked embedded systems, e.g. your microwave oven
2) the DOS box in the corner your kids play DOOM I on.
3) Demo machines at trade shows, but only if they are not networked and have no removable media.

Other examples where running as root isn't advisable but the damage is greatly mitigated include read-only systems like Knoppix.

This defeats the point (1)

bcmm (768152) | about 9 years ago | (#12275487)

Linux's (well Unix's) strength is the ability to do everything. That's why you need to be a user who isn't allowed to do some stuff :)

This would be worse than running Windows as an admin, because in Windows they have made stuff impossible to stop it being done for the wrong reasons, rather than putting a password on it. Maybe MS was right... No wait I meant Linspire is wrong.

Removing the support from the door of the keep. (1)

Polarism (736984) | about 9 years ago | (#12275491)

Sure, you might have enough confidence in your setup to operate under root, but why would you intentionally do it when you could run things with fewer permissions? This is like saying "hey my router is l33t so i'm just gonna keep the DMZ on 24/7".

Never remove support beams from the building if you don't have to, eh?

Absolutely brimming over with wrongability (3, Insightful)

emurphy42 (631808) | about 9 years ago | (#12275493)

From TFA:
when grandma tries to change her wallpaper, and it tells her "you don't have root privileges".
I don't know whether this is hyperbole or just a bad acid trip, but either way, it shoots holes in his credibility big enough to drive a truck through.

I have to say I love the OSX solution (5, Informative)

arete (170676) | about 9 years ago | (#12275502)

I have to say I love the OSX solution. For those of you that aren't familiar:

The method:
By default you don't use root (although it does exist)

By default a user may or may not be an "admin" user. An admin user may perform root-like operations by authenticating again, but they give their own same password to the OS to do things.

It still knows you're you, you're just super-you. So default files are created with you as owner, for instance. This is safer because it reduces slightly the number of escalations necessary.

The effects:
The actual user password being compromised is not the reason you need a separate root account, so they removed your need for two passwords.

Bad apps still need separate priv escalation to do any harm, even if you're running as admin.

BUT you don't have to log out of your GUI session to have one app - or even ONE PART of one app - run with escalated privileges, if you authorize it to.

This means you have NO REASON to ever run unnecessary apps as an admin. No downloading just that one file as root because you're in the middle of doing a rooty thing and forgot one.

The similar linux hack:
I know you can set up similar things with sudo and a little tweaking. But this is how every OSX box ships, and it ought to be how every GUI consumer linux box ships too.

Before somebody picks on a point (1)

arete (170676) | about 9 years ago | (#12275571)

I thought I'd pick on myself before somebody else did.

I know in linux you can, for instance, open a terminal, su, and execute a GUI app as root while in an X session not as root. However, there's no general linux way for doing this for a nonCLI user.

I also know that in Windows you can "run as" by providing that alternate password, and you could set your Administrator and user passwords the same. But you get all sorts of problems doing this - for instance with an app that needs admin privs to install but not to run.

Finally, I certainly know that not every single security thing Apple has done has been right. This thread is particularly about their admin-user design, which I think is an ideal DESIGN. If they left open a hole somewhere, they should fix it. But the design is brilliant.

He has a point (4, Insightful)

photon317 (208409) | about 9 years ago | (#12275509)


We all know the reasons not to run anything as root unnecessarily are many, but you have to think from his perspective as well. He's picturing clueless linux desktop users, using a shrinkwrapped distro at home for personal use. If they were to only log in as a user rather than root, what does it buy them? Whoever gets them to run malicious code by exploiting them or their software will still get access to all of their data, since it was all stored as that user. And they still get access to backdoor all of the software they use, since they can screw the user's environment (PATH, LD_LIBRARY_PATH, etc).

About the only thing not running as root saves the poor nontechnical home end-user from is wiping out their hard drive, but all the data that's important to them contained therein is still destructible.

His point is in fact arguable - why bother?

I don't agree, but... (1, Insightful)

Tim C (15259) | about 9 years ago | (#12275523)

Consider this:

a) an awful lot of home machines are either single user, or effectively single user (where everyone shares a single account)

b) all the system files are backed up on the nice, shiny install media

c) none of the user files are backed up

If you're not talking about a server or other shared/critical environment, then the only things of any real value on the machine are the user's own files. Root or not, they can toast them. Lindows, in case you hadn't noticed, is *not* aimed at servers...

Running rootless (1)

MemoryDragon (544441) | about 9 years ago | (#12275530)

means that you don't have any standard user on the machine where you just have to guess the password. On the other hand sharing the same password for sudo and the normal user, like OSX and Ubuntu do it, is as much of a security risk as having a dedicated root because all you have to find out is how to get into the machine as a normal sudo user.

Modded -1 Flamebait (3, Interesting)

HiredMan (5546) | about 9 years ago | (#12275535)

I knew Michael Robertson in college and he was a technological lamer and pretty much an A-hole. And he doesn't appear to have changed much. He's cobbling together whatever technologies he can get his hands on and then shamelessly pimping^H^H^H^H^H^H^H self promoting whatever his latest project is regardless of merit.

He unfortunately seems to have learned that there is little fact checking in the business press - especially where technology is concerned - and that if he can create a stir he can probably create profit.

It was several years before I realized that it was the same Michael but I visited the website and found his picture there - in multiple super high resolutions - seriously why would I want a 1435x1980 pixel image [linspire.com] of him?
Does he think he's desktop material? There's even information for booking him for speaking engagements... but it's not about ego. *SIGH*

Look for the stock pump and dump scheme followed by an SEC investigation in 5 - 10 years...

=tkk

root vs user (1)

iguana (8083) | about 9 years ago | (#12275536)

I challenge a non-root user to screw up a system as bad as this.

dd if=bootimage.bin of=/dev/hda

"Weird," I thought. "Why did it come back so fast? Usually floppy writes take a whole lot longer?"

I had been doing

dd if=bootimage.bin of=/dev/fd0

and brainlocked.

Robertson is the "Billy Mays" of the Linux world (3, Informative)

scupper (687418) | about 9 years ago | (#12275537)

I can't take this guy seriously. He's the Billy Mays [atmospheric-violence.com] of the Linux world.

Just read his responses....[a few of my replies]

Jo: On the security front, I noticed during the presentation that you were running everything as root. Is that really a wise idea, to train users to run everything as the one user who can mess everything up whenever they feel like it? Should you not try to teach one basic UNIX security idea, that you really don't want to run things as root?

Michael: I think, like everything, it's a question of balance. Ease of use, versus security. I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. [Mikey, that's like saying the people in my car are important, but to hell with the rest of the motorists on the highway. Pretty reckless and selfish. Maybe Linspire should start "LinNet-Home of the Bots and Trojans"] If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well. [Mikey, what is a bot? And how are they born?]

Michael: Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit. I DO see it's an added pain in the ass when grandma tries to change her wallpaper, and it tells her "you don't have root privileges". What are you talking about, man? I'm just trying to use my computer, or change the clock, or any one of a hundred other things. So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out - In this instance, a machine that's run with the root user could be compromised, in this instance one couldn't be compromised.

Michael: I know the hardcore geeks feel differently, that's fine. When somebody installs Linspire, we say "do you want to set up users, yes or no", we give them the choice, right there when they start up for the first time. If they want to set up multiple users, they're welcome to do that, but we don't force them to. That's the difference we have.

worse than windows? (4, Insightful)

greenrom (576281) | about 9 years ago | (#12275540)

Running as root is dangerous, but is it more dangerous than the average home user is used to? Probably not. The average user probably runs windows from a single user account with admin rights. For most people, the recycle bin is the only protection from stupid mistakes.

Accidents (3, Insightful)

iamacat (583406) | about 9 years ago | (#12275550)

Malicious software can always trick user into giving it administrator access. But if you always log in as root, one bad mouse gesture in file explorer can make your system unusable. Just yesterday I saw someone with a master's degree trying to store MP3 files in /Library on MacOSX.

Besides, if you have a family PC why would you want everyone messing up each other's files if they can have nice separate home directories?

I want to see ... (0)

Anonymous Coward | about 9 years ago | (#12275568)

... him having a chat with Theo de Raadt about this...

security using system console (1)

PenguinX (18932) | about 9 years ago | (#12275569)

Aside from blaring user error (i.e. any command using -R) it is my opinion that the computer is already compromised if you have the system console. Gaining root or hardware access is fairly simple and things such as encrypted filesystems are obviously out of Linspire's scope. While I believe it would have been "better" had they used a sudo-like implementation (e.g. ksudo / MacOSX) I can understand why a business would take the root approach.