PDA

View Full Version : Logged in as root



frt975
August 12th, 2009, 11:40 PM
:lolflag:
How to reproduce:
Remove the top panel.
Run
sudo debconf gnome-panel

3rdalbum
August 13th, 2009, 12:23 PM
Or you could do:


sudo killall gdm

And then, at the text terminal:


sudo startx

It's not like it's a security flaw, as you need to be a sudoer in order to start Gnome Panel as root.

Barrucadu
August 13th, 2009, 01:06 PM
Or even fiddle with the GDM settings to let you log in as root…

frt975
August 14th, 2009, 01:24 AM
Once you run it any script can do anything. I was able to edit menu.lst without sudo.

JillSwift
August 14th, 2009, 01:27 AM
Actually yes it is, I was able to edit menu.lst without sudo.
See that bit where you invoked sudo to start the panel?

That's why it's not a security flaw. You did have to use sudo, you just used it earlier.

Barrucadu
August 14th, 2009, 01:27 AM
Actually yes it is, I was able to edit menu.lst without sudo.

Well of course you were. You had the panel running as root, so any subprocesses were run as root. It's not a security flaw though, only a sudo-user could do that.

frt975
August 14th, 2009, 01:46 AM
I would be one if one of the few viruses infected the computer or I did something stupid like delete a important system file by accident.

Trison
August 14th, 2009, 03:03 AM
So what happens when some clever shrew finds a security breach in firefox (or any other web-connected app) that you're conveniently running as root?

Barrucadu
August 14th, 2009, 09:51 AM
I would be one if one of the few viruses infected the computer or I did something stupid like delete a important system file by accident.

If you think you're at risk of deleting important files by accident, running a file manager as root is not for you :P


So what happens when some clever shrew finds a security breach in firefox (or any other web-connected app) that you're conveniently running as root?

This too. Running things as root is just bad.

gnuvistawouldbecool
August 14th, 2009, 10:17 AM
If you think you're at risk of deleting important files by accident, running a file manager as root is not for you :P

This is why windows is insecure.

That said, why anyone would ever delete a folder called '/usr' or 'WINDOWS' is beyond me...

Copernicus1234
August 14th, 2009, 10:19 AM
This is why windows is insecure.

That said, why anyone would ever delete a folder called '/usr' or 'WINDOWS' is beyond me...

To be fair, its been more secure since Vista. I dont use it, but at least I know that these days the default user doesnt have root anymore. Even a crap OS such as Windows is sometimes taking a step forward. :)

Zack McCool
August 14th, 2009, 10:35 AM
I would be one if one of the few viruses infected the computer or I did something stupid like delete a important system file by accident.

No, it still wouldn't be a flaw. You would be the flaw. Any number of problems can be caused by bad user practices, but they are not system flaws.

You called the panel as root. You intentionally broke the security model. That's not a flaw in the model, but rather a strength of linux, in that it will let you do pretty much anything you want, even if it isn't the smartest thing to do.

cmannnn
August 14th, 2009, 10:44 AM
Isent like that in most aspects of life tho cars dont crash them selvs you know

lisati
August 14th, 2009, 10:46 AM
We might laugh about being able to bypass security and other precautions or brush them aside as inconsequential - until we make a big muck-up that takes several hours to fix. And that's before we figure in the possibility of leaving ourselves vulnerable to mischief done by others.......

gnuvistawouldbecool
August 14th, 2009, 10:49 AM
I dont use it, but at least I know that these days the default user doesnt have root anymore. Even a crap OS such as Windows is sometimes taking a step forward. :)

Yes, one now has to click a yes/no dialog to delete stuff as root instead, no password needed. At least, thats what Win 7 did for me, not that I tried to delete it like that.

Barrucadu
August 14th, 2009, 10:55 AM
Yes, one now has to click a yes/no dialog to delete stuff as root instead, no password needed. At least, thats what Win 7 did for me, not that I tried to delete it like that.

Better than nothing. Hopefully it will cause people to think. If not, at least us geeks will be able to say "Well, it did warn you that deleting it could mess up your computer…" when they seek our help.