On Wed, 27 Jul 2011, Devin Reade wrote:
*snip*
In the particular case of GUI administrative tools (and depending on how they're written), they don't necessarily have to run as root even though they ask for root credentials. (For example, they could "su - /some/command" to make changes). If they do run as root, then hopefully their developers are being sufficiently paranoid. But even then, that is better than running the window manager as root and, by extension, all the *other* programs that are launched (or are launchable) from the window manager.
The principle of least privilege applies. Sure, you can ignore it, but you won't get much sympathy if you do.
Plus there's the fact that X11 is designed as a networked windowing system. So it's possible for a remote attacker to log in remotely if X is listening for connections on the network, and the relevant port is opened to the internet.
Running X server as root user makes the whole system much more vulnerable to remote login attacks IMHO.
Kind Regards,
Keith
-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
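
A check for the two conditions raised in this message (X listening on the network, and the X server running as root), as an added example that is not part of the original post. It assumes Linux `ss` and `ps` output formats and X server process names of `X` or `Xorg`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. X display :N uses TCP port 6000+N (IANA range 6000-6063).

# Reads lines in `ss -H -ltn` format and prints X11 listeners that are bound
# to a non-loopback address, i.e. reachable if the firewall allows the port.
x11_exposed() {
    awk '{
        n = match($4, /:[0-9]+$/)          # split addr:port at the last colon
        if (n == 0) next
        addr = substr($4, 1, n - 1)
        port = substr($4, n + 1) + 0
        if (port < 6000 || port > 6063) next
        # Skip listeners bound to loopback only.
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
        printf "display :%d listening on %s port %d\n", port - 6000, addr, port
    }'
}

# Reads lines in `ps -eo user=,comm=` format; succeeds if an X server
# process (assumed to be named X or Xorg) is owned by root.
x_server_as_root() {
    awk '$1 == "root" && ($2 == "X" || $2 == "Xorg") { found = 1 }
         END { exit !found }'
}

# Constructed sample input, not captured from a real host.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 128 [::]:6001 [::]:*'
SAMPLE_PS='root Xorg
keith xterm'

printf '%s\n' "$SAMPLE_SS" | x11_exposed
if printf '%s\n' "$SAMPLE_PS" | x_server_as_root; then
    echo "X server is running as root"
fi
# On a live system: ss -H -ltn | x11_exposed
#                   ps -eo user=,comm= | x_server_as_root
```

An X server started with `-nolisten tcp` opens no TCP listener, so `x11_exposed` prints nothing for it.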