Re: Where's Konqueror in SU

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Michal Jaegermann wrote:

On Thu, Nov 05, 2009 at 12:14:44PM -0500, Jim wrote:
Would someone explain to me what is the detrimental difference between a Gui or command line, logging in to root from the same box . 

Complexity.  The more programs are involved the harder they become
to secure.  With specialized tools that can be manageable and you
can tell that a trade-off of a small GUI is worth it but you are
talking about a "kitchen sink" application here.
Most of the people that over reacted to question was they looked at Konqueror as a Web Browser, not realizing it is also a File Manager. 

And also..., and also..., and ... Here is the issue.  "Big" web
browsers are complicated beast and chances for forgotten "dark
corners" and unwanted/unexpected interactions grow exponentially
with size.  Root should be much more careful as effects of a
hypothetical compromise are far reaching.


You only need to look at the guano that is Internet Explorer to prove
how incestuous and dangerous a web browser/file manager/media manager/
swiss army knife app can get.  Other GUI apps can be just as
detrimental.  A security hole in any of them can be disastrous.

These are the main reasons why the default for F10-F12 is to not permit
the root user to log in as a GUI user--specifically to keep people from
shooting themselves in the foot.  If you really need a GUI for certain
tasks you want root to do, the "bring up a command line, 'su -' in it
and run the GUI app you want from there" is a reasonable compromise.  If
you really, really want root to log in as a GUI, follow the instructions
in the Wiki.  It's not hard to do.

I've been a Linux admin for well over 15 years and I've yet to see when
I really _need_ root to have a GUI.  It's nice on occasion, but you use
it (and anything as root) at your own risk.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-   NEWS FLASH! Intelligence of mankind decreasing!  Details at...   -
-     uh, when, uh, the little hand is, uh, on the...  Aw, NUTS!     -
----------------------------------------------------------------------

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux