[OT] Re: Running graphical programs as root

Darac Marjal mailinglist at darac.org.uk
Fri May 11 18:10:38 CEST 2012


On Fri, May 11, 2012 at 08:45:22AM -0700, Ray Andrews wrote:
> Gentlemen,
> 
> My rantings about 'root' and all raised some interesting responses.
> It's not strictly on topic, so I hope the moderator will let me know
> if I shouldn't wander off like this.
> 
> On 09/05/12 10:57 AM, houghi wrote:
> >
> >If root types ' rm -r / ' well ... he typed it, too bad.  OTOH if I'm
> >playing an .mp3 as root and there's some devilish exploit in there,
> >might there not be some way of monitoring for that?
> >No. Because it has no idea if it is some exploit or if it is expected
> >behaviour. Perhaps my idea of fun is listening to Wagner while I delete a
> >hard drive.
> But that misses the point.  If *I* delete a hard drive via my own KB
> while listening to Wagner -- hey, 'Twilight of the Gods' would be
> the thing to listen to, wouldn't it ;-) -- then that's fine.  But is
> it reasonable to expect that VLC would delete a hard drive? Ever?
> Even when I'm listening to AC/DC? What I'm reaching for is some sort
> of 'guardian' program that would keep an eye on a few user choosable
> rules:
> 
> -VLC: never allowed to delete HDDs.
> -Kate: only allowed to modify currently loaded file.
> -Internet Chess: chess moves only, no loading of hacked kernels.
> - ...
> 
> It seems to me that even when running as root, there might still be
> some sort of monitoring going on that might check for obvious
> mischief.  Eg. If someone has hacked into my machine there could be
> a popup to that effect.  It would make 'root' a bit less dangerous.
> Dunno, it's just an idea.

This is certainly possible and is what frameworks such as AppArmour (or
is it AppArmor?) and SELinux seek to achieve. You define such "approved
behaviours" and then any aberrant behaviour is blocked. However, this
can get in the way of your PC being a "general purpose" tool. Say, for
example, you allow Kate to only modify files under /home. Everything
works fine for ages, until that day that you want to use it to quickly
edit your fstab. Whoops, you're blocked.

However, remember that as root, you can do ANYTHING. This probably
includes turning OFF such protection. And if the framework provides no
such functionality, root could always, say, install a kernel without the
framework installed and then cause a reboot.

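The "approved behaviours" idea from the reply above, sketched as an added example: it is not part of the original e-mail and is not AppArmor or SELinux code. It is a simplified default-deny path policy in which `*` stays inside one directory level and `**` crosses `/`; the `Profile` class, the rule format and the Kate rule set are all hypothetical and constructed for illustration.

```python
import posixpath
import re

def glob_to_regex(glob):
    """Translate a path glob: '**' crosses '/', a single '*' does not."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

class Profile:
    """Default deny: a request passes only if allow rules grant every requested
    permission and no deny rule names any of them (hypothetical model)."""
    def __init__(self, name, rules):
        self.name = name
        # rules: (kind, glob, perms) with kind "allow" or "deny", perms like "rw"
        self.rules = [(k, glob_to_regex(g), set(p)) for k, g, p in rules]

    def check(self, path, perms):
        path = posixpath.normpath(path)   # so /home/../etc/fstab is judged as /etc/fstab
        wanted, granted = set(perms), set()
        for kind, rx, rule_perms in self.rules:
            if not rx.match(path):
                continue
            if kind == "deny" and wanted & rule_perms:
                return False              # an explicit deny always wins
            if kind == "allow":
                granted |= rule_perms
        return wanted <= granted          # anything not granted is blocked

# Constructed rule set mirroring the e-mail's example: Kate may edit under /home only.
KATE = Profile("kate", [
    ("allow", "/home/**", "rw"),
    ("allow", "/etc/**", "r"),            # may read configuration, not change it
    ("deny", "/home/*/.ssh/**", "rw"),    # carve-out inside the allowed tree
])

def audit(profile, requests):
    """Return one log line per blocked (path, perms) request."""
    return [f"DENIED profile={profile.name} path={p} requested={m}"
            for p, m in requests if not profile.check(p, m)]
```

Calling `KATE.check("/etc/fstab", "w")` reproduces the "Whoops, you're blocked" case: the policy cannot tell a wanted fstab edit from an unwanted one, which is the trade-off the reply describes.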