--On Wednesday, July 27, 2011 02:20:48 PM -0500 Les Mikesell <lesmikesell at gmail.com> wrote:

> OK, now look at that from the other direction. I'm as concerned about
> the security of my own account as anything else (and in fact there may
> be root ssh keys accessible to my account). If something is not suitable
> to be run as root, why should I believe that it is suitable to run under
> my account?

Sure, that's fine if we're talking about known defects. Absolutely they should be fixed. If people report them, they usually are.

However, where those recommendations come from has more to do with unknown defects, which will always be there regardless of what software you're running (or at least often enough that the few cases of proven-correct programs aren't worth considering).

The difference is that if you're using an unprivileged account and you hit a defect, likely the worst thing that will happen is the program will core dump. (Yes, the worst thing may actually be that it tromps everything in your home directory, but that is in some sense less likely to occur in the general case.) But if you're running that program as root your worst case is crashing the whole machine (instead of just the program), or wiping out all data on the machine (instead of just your home directory).

> Sympathy isn't what I'm looking for.

And FWIW my comment wasn't intended to be offensive.

> I'd rather have some assurance
> that a tool is safe to run under any circumstance

And anyone who offers such assurance is generally selling you a pig in a poke. Such proofs are generally NP-hard (IIRC; I'm sure someone will correct me if I used the wrong classification).

Short version: Programs that are intended to be run in a high risk environment get more scrutiny, are less likely to cause a problem, but can cost _significantly_ more to build. Run other stuff in a high risk environment and you're gambling. That principle applies throughout the industry, not just here.

Devin