On Wed, 27 Jul 2011, Devin Reade wrote: *snip* > In the particular case of GUI administrative tools (and depending on > how they're written), they don't necessarily have to run as root > even though they ask for root credentials. (For example, they could > "su - /some/command" to make changes). If they do run as root, > then hopefully their developers are being sufficiently paranoid. > But even then, that is better than running the window manager as > root and, by extension, all the *other* programs that are launched > (or are launchable) from the window manager. > > The principle of least privilege applies. Sure, you can ignore it, > but you won't get much sympathy if you do. Plus there's the fact that X11 is designed as a networked windowing system. So it's possible for a remote attacker to login remotely if X is listening for connections on the network, and the relevant port is opened to the internet. Running X server as root user makes the whole system much more vunerable to remote login attacks IMHO. Kind Regards, Keith ----------------------------------------------------------------- Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] -----------------------------------------------------------------