running as root is inherently wrong [LWN.net]

running as root is inherently wrong

Posted Jun 26, 2003 12:09 UTC (Thu) by ballombe (subscriber, #9523)
Parent article: Lindows.com - Friend or Foe?

The article say 'there is nothing inherently wrong with LindowsOS'.

I don't agree, running everything as root is inherently wrong.

The article say 'simply does not want to deal with any passwords.'

It is a technical confusion: a user account with a blank password
is still much more secure than running as root, e.g. rm -rf / will fail.
suid wrappers can be used for task that need root. Even the most crippled
wrapper is safer than running as root.

Windows XP and OS X have a concept of user account, so why not LindowsOS ?

The article say ' If Lindows.com becomes profitable and successful in the process, we will all benefit.'

I will certainly not benefit from the deployement of completly insecure
Linux box. This will only serve to destroy Linux reputation about security

to post comments

What happens to root then?

Posted Jun 26, 2003 13:36 UTC (Thu) by GreyWizard (guest, #1026) [Link] (3 responses)

Who *does* get the root password in that case? Or should the installation be unable to do anything not in the original specification? As long as a user can log in with no passphrase and install packages, they are effectively running as root. For example, a virus would simply install a small package (possibly downloaded from somewhere) containing malicious code and invoke it rather than doing harm directly.

On the other hand, this might still protect against accidental damage (dragging /usr to the trash...).

What happens to root then?

Posted Jun 26, 2003 16:31 UTC (Thu) by iabervon (subscriber, #722) [Link] (1 responses)

Nobody gets the root password. Being root (if necessary at all) requires a shell started by init on the console. That's how I have my home desktop machine set up: no passwords, physical access is necessary and sufficient for everything (except ssh identity, of course, which is protected on disk with a passphrase). The root password is untypable, but there are root shells started automatically on virtual consoles. So root access is protected by requiring the actual keyboard. If I were setting this up for distribution, I'd also make the root account inconvenient for running non-maintenence programs (e.g., remove /usr/X11R6/bin from root's path).

In most desktop situations, it's impossible and unnecessary to secure the system against people with physical access, and vital to secure it against remote attackers; but it's also unnecessary to permit remote users at all and inconvenient to support them usefully anyway (Mom hangs up the modem and turns off the computer when she's done).

It would be interesting to design an package management tool which could be run on a virtual console out of init in a way that end users could handle easily.

What happens to root then?

Posted Jul 9, 2003 16:09 UTC (Wed) by maphew (guest, #1147) [Link]

I'm intrigued, where can I find info on how to setup a linux computer in the manner you describe?

What happens to root then?

Posted Jun 26, 2003 18:35 UTC (Thu) by ballombe (subscriber, #9523) [Link]

Just make a suid wrapper to apt-get with source.list pointing to LindowsOS and Debian. This will allow non-root users to install packages but only from reputable sources.

running as root is inherently wrong

Posted Jun 26, 2003 14:40 UTC (Thu) by cdmiller (guest, #2813) [Link]

I concur.

Widely distributing an inherently insecure and crash prone distro will not help Linux in the short or long term. Any system with an inexperienced user running as root will be insecure and crash prone.

running as root is inherently wrong

Posted Jun 26, 2003 15:02 UTC (Thu) by tjc (guest, #137) [Link]

The article say 'simply does not want to deal with any passwords.'

Even Windows XP has user accounts and passwords, so I have to agree; running as root is a Real Bad Idea. A potential user who has trouble with passwords might not be able to do anything useful with a computer even if they did manage to log in.

Running as root because it's easier for novice users is sort of like replacing the ignition key on a car with a big red button.

running as root is inherently wrong

Posted Jun 26, 2003 15:11 UTC (Thu) by ladislav (guest, #247) [Link]

In case some of you've missed the Slashdot interview, here is Mr Robertson's reasoning in his own words:

"There aren't administrators in many of the homes, businesses and schools we are selling to. These are personal computers where the owner needs to be able to set the clock, change the wallpaper, configure a printer, install a flash drive, or load a new piece of software without bumping into nuances of computer science.

Take a Microsoft Windows XP or Mac OS X machine out of the box and use it and it operates in a similar manner to LindowsOS the first person to touch it can do whatever they want. If we make Linux harder to use then other operating systems, users will not embrace it. Users just want to get their work done, they don't want to be computer experts and they shouldn't have to be. Of course, if they want to add a default password or setup multiple accounts and restrict access to their own machine, they can of course do it on all of these operating systems, including LindowsOS, even though none default that way."

You can read the rest of the interview here: http://interviews.slashdot.org/article.pl?sid=03/05/05/1225249

running as root is inherently wrong

Posted Jun 9, 2004 5:33 UTC (Wed) by kasl_33 (guest, #22188) [Link]

I may be reading this long after it was posted, but I am currently using Lindows 4.5 on one of my partitions. After two weeks, I don't even hardly touch my Windows XP Pro partition (except to modify my website through Front Page to save time in the GUI of FP vs. FTP Progz).

I am very impressed with Lindows (By the way, they changed the name to Linspire).

I am semi-new to Linux - played with Red Hat for a while unsuccessfully, but Linspire is helping me to learn a lot about it. I can now navigate the command line and install programs in command as well - just because Linspire was easy enough for me to use to get started in figuring things out.

Another great feature for you Linux/Windows users is Win4Lin which lets you run Windows 98 and below simeutaneously with Linux at the same time. I have never seen Windows boot up so fast or run so secure!