Re: running X as root in centos 6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, 27 Jul 2011, Devin Reade wrote:

*snip*

> In the particular case of GUI administrative tools (and depending on
> how they're written), they don't necessarily have to run as root
> even though they ask for root credentials. (For example, they could
> "su - /some/command" to make changes).  If they do run as root,
> then hopefully their developers are being sufficiently paranoid.
> But even then, that is better than running the window manager as
> root and, by extension, all the *other* programs that are launched
> (or are launchable) from the window manager.
>
> The principle of least privilege applies.  Sure, you can ignore it,
> but you won't get much sympathy if you do.

Plus there's the fact that X11 is designed as a networked 
windowing system. So it's possible for a remote attacker to 
login remotely if X is listening for connections on the 
network, and the relevant port is opened to the internet.

Running X server as root user makes the whole system much 
more vunerable to remote login attacks IMHO.

Kind Regards,

Keith

-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux