I would like this thread to be as accurate and complete as possible. If I make a mistake or leave out something, please post it.
I have rarely if ever seen the specific reasons precisely why one shouldn't surf the web as root, and what can happen to you and how it might happen, together in one place. I think we can agree that web browsing with privileges escalated to superuser/root is bad. Putting your cell phone in the microwave bad.
Perhaps it should be thought of like driving in the wrong direction down the middle of a six-lane expressway. I think we could agree there are nice odds you will collide with one of those cars. The information superhighway is chock full of malware, bugs, malicious scripts and goodies, and vulnerabilities. And web browsers are complex assemblies of software, with bugs and
vulnerabilities of their own. Browsers are always offering updates to plug up security leaks, and there are people out there with malicious intent in their hearts looking for a known exploit for a published vulnerability. There are layers of defense keeping your computer from being exploited or completely crapping out, but if you are running as root you don't have any protection. Sooner or later, possibly sooner, you are going to crash your car into oncoming traffic.
You don't even need to be running as root for a malicious hacker to get you in his clutches, but if you are it is his dream come true. Especially vulnerable and potentially malicious are the "apps" for Google Chrome and Chrome OS. Google specifically makes it difficult to run Chrome or Chromium as root for this reason. The risks of running as root can apply to other programs as well.
In most instances there is NO reason to browse as root, or to be logged into your whole system as root, since Linux makes easily escalating user privileges for a task a cinch. THE only reason I can think of why one might be running a web browser as root might be if they were using a penetration testing distro like BackTrack, BackBox, Pentoo or Matriux and so MUST be logged in as root, and in this case, there is likely a way to deescalate one's privilege level for an individual process(COULD SOMEONE POST WHETHER THERE IS A WAY TO DO THIS?).
I have tried to be comprehensive on this matter. Play safe
Bookmarks