Ed Greshko wrote:
On 04/16/2010 12:41 AM, Tom Horsley wrote:
On Thu, 15 Apr 2010 23:42:46 +0800 Ed Greshko wrote:
At some point, they'd log out and later, next day...after lunch, log in as themselves and now have all sorts of troubles they didn't have before.
"It is possible for idiots to screw up" is not the same as an actual case history of some exploit hitting someone only because they were running a GUI app as root. I'm still waiting for the pointer to those case histories :-).
Well, the point being that in this case some directories were set to 777. This allowed others to, for example, read other people's mail, gain access to other people's personal files, photos, etc. Yes, it is a "local exploit". But, if some guy had emails about his colleagues he didn't want to get out...or his cache file was filled with trails of visiting porn sites...or...
I suppose you'd find that OK...and just chalk it up to "idiots". But that is one of the reasons for making it hard for folks to log in as root from the GUI. To protect them from themselves.
This doesn't sound like something easy to do by accident from a GUI, or at any rate not more easily than CLI. The root cause is that this user had root at all. :-(