Surfing web as root: Dangerous?
Amaranth
as root for "security reasons."
I was a bit shy to ask but I have tried Googling for a reason why but
nothing obvious came up. I can understand how one wants to limit root
usage as far as possible but sometimes I log in as root to perform
administrative tasks and want to browse the net while waiting for
things to complete.
So why is it dangerous to surf the net as root? What is the worst that
can happen, and have browser/kernel security updates cured the
problem?
Thanks.
philo
It is just plain not a good idea.
There is always a chance for a security breach...
plus, there is *no* need to log in as root.
to perform administrative tasks, do so from within your user's profile...
simply "su" to root to perform the tasks...
even if GUI related you can open the apps from the command line
as root
Bit Twister
> Our Linux lecturer told us that it was not advisable to browse the web
> as root for "security reasons."
Damn good advice.
> So why is it dangerous to surf the net as root?
There is no protection from root. Any malware would have the run of
the system and install whatever it wanted.
If surfing as a user, all that can happen is changes to user's files.
System would still be safe.
> What is the worst that can happen,
Root kit install, holes poked in system security, firewall disabled/holed,....
Your system used to store/forward child porn, used to buy/sell/laundry
credit cards, .... and some three letter outfit hauls you and your
hardware off to the barbed wire hotel for free room and board.
Then you get to spend a few hundred dollars an hour for a lawyer for a
few days work plus expenses.
> and have browser/kernel security updates cured the problem?
No software update is going to cure human stupidity.
Robert Heller
>
> Our Linux lecturer told us that it was not advisable to browse the web
> as root for "security reasons."
>
> I was a bit shy to ask but I have tried Googling for a reason why but
> nothing obvious came up. I can understand how one wants to limit root
> usage as far as possible but sometimes I log in as root to perform
> administrative tasks and want to browse the net while waiting for
> things to complete.
You really shouldn't even log in as root, even to perform
administrative tasks. All Linux system (and most UNIX systems now) have a
program called 'sudo' -- this is the program you should be using to
perform administrative tasks. There are litterally thousands of way to
trash your system while 'causually' logged in as root. As a 'normal'
non-privilidged user, your access is limited and it is just not easily
possible to totally trash your system.
>
> So why is it dangerous to surf the net as root? What is the worst that
> can happen, and have browser/kernel security updates cured the
> problem?
A web browser is like a power saw. It is potentially a very dangerous
piece of equipment. Because a web browser downloads (and in many cases)
runs programs (even if 'only' a bit a JavaScript) from remote places
(the internet), there is no real certainity as to whether these programs
are 'safe'. Running as root means if one of these programs has a bug,
it is possible to badly mess up your system. Running as a normal user
greatly minimizes any possible damage.
If you have ever used a 'modern' power saw, you may notice that there
is a safety catch on the trigger that requires a positive action by an
additional finger to activate the saw. Sudo performs this function in
the Linux/Unix world of system admin.
>
> Thanks.
>
--
Robert Heller -- 978-544-6933
Deepwoods Software -- Download the Model Railroad System
http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows
hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/
Maxwell Lol
> So why is it dangerous to surf the net as root?
Any vulnerability will allow the COMPLETE compromise of your system
with all priviledges.
If you surf as a normal user, they just get access to your non-root
account. They then need to find ANOTHER vulnerability to gain root
access.
>What is the worst that
> can happen
You have to re-install everything.
and everything on your computer will be copied.
>, and have browser/kernel security updates cured the
> problem?
No. Because you only have one layer of defence. One hole, and all is lost.
Experts suggest defense in depth, so an attacker has several barriers
to break through.
Keith Keller
>
> Your system used to store/forward child porn, used to buy/sell/laundry
> credit cards,
To be fair, these can happen even if your user account is compromised
instead of root.
And, also to be fair, on a single-user home linux desktop, the only
thing the user is going to really care about is his files, so if they're
trashed by a cracker or malware he won't care about the distinction
between getting a user account cracked and getting root cracked. And a
paranoid person will erase and reinstall even if just a user account is
cracked.
Still and all, it's still better not to regularly run as root, not only
to make it harder for a remote attacker, but to make it harder for you
to hose your own box. Since linux provides so many ways to easily escalate
one's privileges, it makes no sense to run the risk of running as root
for some sense of convenience.
--keith
--
kkeller...@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
Sidney Lambe
Why did you post an article with "Re:" on the subject line that
has no References? What kind of a game are you playing here?
> At Fri, 13 Mar 2009 17:43:26 -0700 (PDT) Amaranth
> <rhud...@googlemail.com> wrote:
Maybe. Without the Message-ID it is impossible to check and see
if anyone is involved with this article but you.
Given your signature, this looks like it just might be disguised
spam.
Been running Linux exclusively as root since day one. Lots of
people do. Never had a problem.
The world is full of paranoids. And fear-mongers who make a living
spreading paranoia.
Sid
Andrew Halliwell
> Been running Linux exclusively as root since day one. Lots of
> people do. Never had a problem.
>
> The world is full of paranoids. And fear-mongers who make a living
> spreading paranoia.
However, there're far more idiots out there than paranoid fear mongers.
If the framework is there, it doesn't hurt to use it.
Running everything as root is idiocy incarnate.
You might just as well use windows.
--
| spi...@freenet.co.uk | |
| Andrew Halliwell BSc | "ARSE! GERLS!! DRINK! DRINK! DRINK!!!" |
| in | "THAT WOULD BE AN ECUMENICAL MATTER!...FECK!!!! |
| Computer Science | - Father Jack in "Father Ted" |
Douglas Mayne
The browser is a complex assemblage of software, and it has bugs and
vulnerabilities. As such, they are under continual development. For
example, Firefox issues new releases fairly often to plug holes, etc. If
you are running an old version, then you may be specifically targetted by
the "bad guys" using a known exploit for a published vulnerability. It is
a very good idea to limit your exposure by keeping up to date with the
latest version, and other security patches. You will still be vulnerable
to attack (they could be using some "unknown" browser vulnerability), but
that is an order of magnitude less likely than the published buglist. BTW,
when you visit a website, you "leak" certain information about yourself as
part of a "client/server" transaction. Part of the information exchanged
is your IP address, and your client parameters such as this:
User-Agent:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7)Gecko/2009021906
Firefox/3.0.7
For good or for bad, this advertises that the client is using Firefox
3.0.7 on Linux.
It's not just the browser that can have bugs. In addition, there are
vulnerabilties in libraries which are linked to it. In the last few years,
there have been critical bugs in graphics libraries (PNG, JPEG),
compression libraries (zlib), and a lot of other libraries. Any of these,
if left unpatched, can compromise the system.
Compromise...
It the simple case where a system is compromised, the attacker will gain
the rights of the account which is running the compromised code. As K.
Keller points out on this thread, a compromise which gives an attacker
"regular user account" rights is bad enough, but the root account is much
worse. It is the "grand prize" for the bad guys; don't run as root. When a
regular user account is attacked (non-root), then the bad guys must still
overcome other obstacles to compromise the entire box. Be aware that
there is a whole class of bugs which lead to "priviledge escalation."
http://en.wikipedia.org/wiki/Privilege_escalation
In short, if you are already running with the highest priviledge (root),
then the bad guys can skip that step- they will have already achieved
their goal and have "rooted" your box. Don't run as root.
More security basics...
IMO, it makes sense to use defenses whenever computers are placed directly
on a public network, such as the internet. Most home users are behind NAT
which provides at least some protection against unsolicited inbound
attacks. However, it is essential to employ a good firewall for any
system which is given a public IP.
--
Douglas Mayne
ray
Out of curiosity, have you ever heard of 'sudo'? It's made to facilitate
system admin from your normal user account.
wisdomkiller & pain
....
> Maybe. Without the Message-ID it is impossible to check and see
> if anyone is involved with this article but you.
>
> Given your signature, this looks like it just might be disguised
> spam.
>
Paranoia?
.....
> Been running Linux exclusively as root since day one. Lots of
> people do. Never had a problem.
>
Hmm. Until you visit *that* hacked webserver with a tiny exploit and you are
one of the crowd (of rootkitted zombies) listening for commands on a secret
irc channel while spewing spam all over the place and trying to find other
exploitable systems.
> The world is full of paranoids. And fear-mongers who make a living
> spreading paranoia.
>
Run windows Vista. You'll have UAC at least.
Unruh
He also seems never to heard of su -- Ie you can open a root login in ONE
terminal window in which you carry out your administrative tasks, leaving
the desktop and your browser as user owned.
anyway, yes, there are a wide variety of web sites that can in principle to
nasty things to your machine if you do something stupid, or even not so
stupid.
Dave Gibson
> Robert Heller <hel...@deepsoft.com> wrote:
>
> Why did you post an article with "Re:" on the subject line that
> has no References?
Newsreader bug by the look of it.
Robert, your newsreader occasionally drops the References header's
label and appends the remainder to the In-Reply-To header. The
post Sidney's referring to has this (line broken at '\'):
>> In-Reply-To: \
>> <bfd972b9-d83a-47a3...@41g2000yqf.googlegroups.com>
>> <bfd972b9-d83a-47a3...@41g2000yqf.googlegroups.com>
Similar:
Message-ID:<aNSdnQLlwK4KPCvU...@posted.localnet>
Message-ID:<hrmdnQ5z66uthQrU...@posted.localnet>
Message-ID:<ecOdnToQW4bGZAfU...@posted.localnet>
Robert Heller
>
> Sidney Lambe <sidne...@nospam.invalid> wrote:
> > Robert Heller <hel...@deepsoft.com> wrote:
> >
> > Why did you post an article with "Re:" on the subject line that
> > has no References?
>
> Newsreader bug by the look of it.
>
> Robert, your newsreader occasionally drops the References header's
> label and appends the remainder to the In-Reply-To header. The
> post Sidney's referring to has this (line broken at '\'):
As far as I can tell, it seems to happen when the message id is really
long (which seems to be the case with googlegroups). My newsreader was
generating lines like:
References:
<bfd972b9-d83a-47a3...@41g2000yqf.googlegroups.com>
That is, it is putting the long message ID on a new line, with 4 spaces
of indentation. This is *supposed* to be legal, as far as I know --
this should be just a 'normal' header continuation line. At least that
is my understanding. I've changed things to force the first / only
reference to *always* be on the same line as the 'References:' header
itself, even if the line would be over length. I'm suspecting that
somehow, an upstream news processing agent is seeing a 'References: '
header with only spaces after it and is dropping the (seemingly) empty
header line (is *that* proper?).
>
> >> In-Reply-To: \
> >> <bfd972b9-d83a-47a3...@41g2000yqf.googlegroups.com>
> >> <bfd972b9-d83a-47a3...@41g2000yqf.googlegroups.com>
>
> Similar:
>
> Message-ID:<aNSdnQLlwK4KPCvU...@posted.localnet>
> Message-ID:<hrmdnQ5z66uthQrU...@posted.localnet>
> Message-ID:<ecOdnToQW4bGZAfU...@posted.localnet>
>
--
LEE Sau Dan
Amaranth> I was a bit shy to ask but I have tried Googling for a
Amaranth> reason why but nothing obvious came up.
It's too obvious that nobody feel it needs to be written do
explicitly? Just like "don't play with fire"?
Amaranth> I can understand how one wants to limit root usage as
Amaranth> far as possible
So, why would you even ask why one wouldn't want to surf the web as
root?
Amaranth> but sometimes I log in as root to perform administrative
Amaranth> tasks and want to browse the net while waiting for
Amaranth> things to complete.
That's a bad practice. Stop doing that. Instead, log in as normal
use. Open an xterm (or whatever terminal emulator you like) and use
"su -" to become root. Root privilege would then be limited to that
xterm, and damage is limited to what you do from that shell.
Amaranth> So why is it dangerous to surf the net as root?
For the same reason "one wants to limit root usage as far as
possible". Web browsing is far enough.
Amaranth> What is the worst that can happen, and have
Amaranth> browser/kernel security updates cured the problem?
A browser security flaw can let an arbitrary program from the net to
run *AS ROOT*, which means it's possible to do an "rm -rf /"
(optimistically) or install malware/virus (pessimistically). Do you
want to run that risk?
It's just like biking along a bridge, which is narrow and has no
fences on the sides to prevent people from falling off. You may feel
it's OK. You may even feel it's "safe" because you trust your biking
skills. But isn't it obvious to imagine what happens when something
unluck happens? You want to run that risk?
--
Lee Sau Dan 李守敦 ~{@nJX6X~}
E-mail: dan...@informatik.uni-freiburg.de
Home page: http://www.informatik.uni-freiburg.de/~danlee
Dave Gibson
> At Sun, 15 Mar 2009 12:24:34 +0000 dave+news002@gibson-hrd.\
> abelgratis.co.uk.invalid (Dave Gibson) wrote:
>
>>
>> Sidney Lambe <sidne...@nospam.invalid> wrote:
>> > Robert Heller <hel...@deepsoft.com> wrote:
>> >
>> > Why did you post an article with "Re:" on the subject line that
>> > has no References?
>>
>> Newsreader bug by the look of it.
Er, or not.
> As far as I can tell, it seems to happen when the message id is really
> long (which seems to be the case with googlegroups). My newsreader was
> generating lines like:
>
> References:
> <bfd972b9-d83a-47a3...@41g2000yqf.googlegroups.com>
>
> That is, it is putting the long message ID on a new line, with 4 spaces
> of indentation. This is *supposed* to be legal, as far as I know --
> this should be just a 'normal' header continuation line. At least that
> is my understanding.
AOL. (RFC822 section 3.1.1 if anyone's interested.)
> I've changed things to force the first / only
> reference to *always* be on the same line as the 'References:' header
> itself, even if the line would be over length. I'm suspecting that
> somehow, an upstream news processing agent is seeing a 'References: '
> header with only spaces after it and is dropping the (seemingly) empty
> header line (is *that* proper?).
Meh.
[References header folded before first MID...]
Stan Bischof
Very simple-- just as in Windows, if you browse ( or even run the OS )
as root, any exploit or just plain error that comes along can mess up
your whole system. If you are running as normal restricted user the
worst that can happen is that the user's account can get messed up.
" have browser/kernel security updates cured the problem"?
In a word-- NO- they inherently can't since "updates" don't happen
untill AFTER the problem is found in the first place, so a window
of vulnerability will always exist.
And-- no "update" will cure the accidental error like the
typo "/*" instead of the intended "./*".
bottom line- there's rarely a reason to run as root- only do so
when really needed- and browsing the web if you have anything
like java or flash installed is a _really_ bad idea as root.
Stan
Grant Edwards
> Our Linux lecturer told us that it was not advisable to browse the web
> as root for "security reasons."
Quite true.
> I was a bit shy to ask but I have tried Googling for a reason
> why but nothing obvious came up.
Any program you run as root has the ability to mess up your
system, install a worm or trojan, send sensitive info to
anybody anywhere.
> I can understand how one wants to limit root usage as far as
> possible but sometimes I log in as root to perform
> administrative tasks and want to browse the net while waiting
> for things to complete.
Don't do that.
Log in as a normal user. Then user "su" or "sudo" to elevate
just the one program that needs privledges.
> So why is it dangerous to surf the net as root?
Becase any security hole in the browser can comprimise your
entire system if you're running that browser as root.
> What is the worst that can happen,
Your system gets root-kitted, a keylogger is installed,
somebody empties your bank account, steals your identity, you
end up homeless, but only until somebody commits crimes in your
name, you get arrested, go to prison, and get killed there.
> and have browser/kernel security updates cured the problem?
No. The kernel and the browser still have bugs and security
holes.
--
Grant Edwards grante Yow! I'm having a
at tax-deductible experience!
visi.com I need an energy crunch!!