[CentOS] running X as root in centos 6
Keith Roberts
keith at karsites.net
Wed Jul 27 20:39:41 UTC 2011
On Wed, 27 Jul 2011, Devin Reade wrote:
*snip*
> In the particular case of GUI administrative tools (and depending on
> how they're written), they don't necessarily have to run as root
> even though they ask for root credentials. (For example, they could
> "su - /some/command" to make changes). If they do run as root,
> then hopefully their developers are being sufficiently paranoid.
> But even then, that is better than running the window manager as
> root and, by extension, all the *other* programs that are launched
> (or are launchable) from the window manager.
>
> The principle of least privilege applies. Sure, you can ignore it,
> but you won't get much sympathy if you do.
Plus there's the fact that X11 is designed as a networked
windowing system. So it's possible for a remote attacker to
log in remotely if X is listening for connections on the
network, and the relevant port is opened to the internet.
Running X server as root user makes the whole system much
more vulnerable to remote login attacks IMHO.
Kind Regards,
Keith
-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
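
To check the condition described in the message above (an X server listening for TCP connections), here is an added example that is not part of the original post: it reads the Linux `/proc/net/tcp` or `/proc/net/tcp6` table and reports each listening X11 display and whether the socket is bound to loopback only. The function names and the sample table are constructed for illustration; it assumes displays map to TCP ports 6000-6063 and that addresses use the little-endian hex layout the kernel prints on x86.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original post).
# Reads /proc/net/tcp-format lines on stdin and prints one line per X11
# display that is in LISTEN state, with the scope of its bind address.
x11_tcp_listeners() {
    while read -r sl laddr raddr state rest; do
        [ "$state" = "0A" ] || continue            # 0A = TCP_LISTEN; also skips the header row
        addr=${laddr%:*}                           # hex address part
        port=$((0x${laddr##*:}))                   # hex port -> decimal
        # Assumption: X display N listens on TCP port 6000+N, N in 0..63.
        [ "$port" -ge 6000 ] && [ "$port" -le 6063 ] || continue
        case "$addr" in
            # 127.0.0.0/8, ::1, and IPv4-mapped loopback (little-endian hex)
            ??????7F|00000000000000000000000001000000|0000000000000000FFFF0000??????7F)
                scope=loopback ;;
            *)  scope=network ;;                   # wildcard or a routable address
        esac
        echo "display :$((port - 6000)) port $port $scope"
    done
}

# Constructed sample table: display :0 on the wildcard address, display :1
# on 127.0.0.1, an sshd listener, and an established (non-listening) socket.
sample_proc_net_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:1771 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0A00000F:1770 0A000002:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1
EOF
}

sample_proc_net_tcp | x11_tcp_listeners
```

On a live system, run `x11_tcp_listeners < /proc/net/tcp` (and again with `/proc/net/tcp6`); any display reported as `network` is reachable wherever the firewall allows, and starting the X server with `-nolisten tcp` removes the listener.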