[Novalug] GUI root

Peter Larsen peter@peterlarsen.org
Thu May 28 12:14:00 EDT 2015


On 05/28/2015 11:34 AM, Walt Smith via Novalug wrote:
> On 05/27/2015 12:40 PM, Walt Smith via Novalug wrote:
>> > Anyway, I found the root X gui to be useful. 
> The admin in me just cringed outwardly. This is a "Bad Idea(tm)" You
> dont run your desktop GUI as root. We learned this in the 1980s. :-)
>
> Nick
>
> -------------------------------
>
> Well, I'm just a Joe User, I keep a terminal up in the gui with a 
> root logged on.  Too many things I need to always do as root,
> such as kill runaway processes when some script dies etc...
> Its probably a good thing I'm a workstation and not Enterprise
> where you work.  Unless you want to hire me ??? < ha !  >

You do know that most mass DDoS and mass attacks happen from "Joe Blow
user" systems that all get compromised and then used in some kind of
botnet to coordinate an attack?

If your system is connected to "the world wide web" of computers, you
need to take security serious. Otherwise, you'll one day have men in
blue or black knocking on your door saying they traced illegal
activities to your IP. And they may not be interested when you say "I'm
just Joe Blow and have no clue" - they may think they got their perp -
at the very least it will take lots of legal wrangling and time to get
out of it.

The reason Windows systems are so vulnerable is that people treat them
like you do your Linux. Everything runs super privileged - bad
configurations, bad software and "joe blow" general approaches means
your system is/will get compromised. And as I stated above, it's rarely
because the hackers want anything on your network - they want you IP and
to be able to commandeer  your systems to be part of their network of
things. Of course it won't hurt them if they can find a few credit-card,
SSNs and other stuff on your computer too.

Seriously - if writing "sudo" or using polkit is too hard - are you sure
you have picked the right platform?

> A specific example: Audacity works only about 20% of function when run 
> as User.  Pretty much useless.  When I go to root gui, it runs as 
> it should.  A few other apps do the same.   Don't *know* why, but I'd 
> guess it has somethig to do with the installation process, or the 
> fact they * may* not be CentOS native.  Again, don't know.

Really? Like what? It seems to work 100% of the time for me as a normal
user? What kind of functionality are you talking about?

> Another:  kppp dialup app will start being fruity after awhile.
> Thats becasue of the many instances of kppp running.  I
> need to kill those also and restart - which fixes it.

So you don't solve the actual problem, but the symptom? That's fine if
you like that, but killing a process or service is easily done with
"sudo systemctl restart ....."?  Is it really worth not writing sudo to
every script/code you run have the ability to blow away or own your box?

> There are more, but I can't recall the stufff....  although, wait,
> Firefox 31 very occassionally will croak after it's been up a few
> weeks, and closing it won't kill some FF process.. (I.e. I can't 
> startup FF normally by clicking the icony.  Again,  a manual action.

If you run any browser as root, you've moved into an area where help is
hard to find WHEN things blow up on you. That's really horrible practice
and so dangerous that I cannot understand why alarm bells aren't ringing
in your ears when you do that.


-- 
Regards
  Peter Larsen




More information about the Novalug mailing list