[OT] Re: Running graphical programs as root

[Ray Andrews]

On 09/05/12 03:53 AM, Darac Marjal wrote:
> On Tue, May 08, 2012 at 09:16:10PM -0700, Ray Andrews wrote:
>> For now I'll just accept the fact that when I'm logged in as root,
>> playing an .mp3 somehow puts my system in peril and that there's
>> nothing that can be done about it.
> It does. The nature of root is that all protection is off. You have
> complete free reign over the whole system.
>
> Imagine there was a bug in VLC that your mp3 exploited. If you run VLC
> as a limited user, then the theory goes that the exploit can only do as
> much damage as that limited user can do. If you run VLC as root then,
> again, the exploit can only do as much damage as root can do. That's
> anything, remember.
I see what you're saying.  Maybe there is no other way, but I can't help 
but wonder if there might be some mechanism to let 'me' do anything I 
want (as root) and yet prevent malicious attacks.  If root types ' rm -r 
/ ' well ... he typed it, too bad.  OTOH if I'm playing an .mp3 as root 
and there's some devilish exploit in there, might there not be some way 
of monitoring for that? Can't VLC/Xfce/Linux warn me if my music file 
contains something that wants to wipe out my HDD? Or if I'm playing 
internet chess as root, can't my system keep an eye on other activity on 
the internet and 'understand' that I want to play chess and not also 
download some malware?  Can't playing chess be  'only' playing chess? 
Can't listening to music be 'only' listening to music?  I undertand that 
root can 'do' anything, but why does that *also* mean that anyone and 
everything out there  is also free to 'do' anything to my system without 
my permission? Why does being root mean that my system becomes naked to 
the world?

Dunno, maybe this is pie in the sky, but it's a nice dream to have 
control of one's system without at the same time giving that control to 
the whole world at the same time.