On 7/27/2011 1:59 PM, Devin Reade wrote:
>
>>> If you need to get into X as root means that *you* are doing something
>>> *wrong*. It has nothing to do with an "underlying problem".
>>
>> So why do GUI administrative tools exist? Or did you mean window
>> manager or desktop instead of X?
>
> The point is not that X, or the window manager, or some tool is flawed.
> (In general, *all* software has flaws.)
>
> The point is that UNIX has unprivileged users to help protect itself
> despite program flaws (as well as other reasons). Some things *have*
> to run privileged and, knowing that, their developers are historically
> a lot more paranoid about writing and testing such software.
OK, now look at that from the other direction. I'm as concerned about
the security of my own account as anything else (and in fact there may
be root ssh keys accessible to my account). If something is not suitable
to be run as root, why should I believe that it is suitable to run under
my account?
>
> The principle of least privilege applies. Sure, you can ignore it,
> but you won't get much sympathy if you do.
Sympathy isn't what I'm looking for. I'd rather have some assurance
that a tool is safe to run under any circumstance, not a suggestion that
my account is not important enough to bother caring about.
--
Les Mikesell
lesmikesell at gmail.com