Root with GUI
Bill Davidsen
davidsen at tmr.com
Fri Apr 16 17:50:04 UTC 2010
Ed Greshko wrote:
> On 04/16/2010 12:41 AM, Tom Horsley wrote:
>> On Thu, 15 Apr 2010 23:42:46 +0800
>> Ed Greshko wrote:
>>
>>
>>> At some point, they'd logout and later, next
>>> day...after lunch, login as themselves and now have all sorts of
>>> troubles they didn't have before.
>>>
>> "It is possible for idiots to screw up", is not the same as
>> an actual case history of some exploit hitting someone
>> only because they were running a GUI app as root. I'm still
>> waiting for the pointer to those case histories :-).
>>
> Well, the point being that in this case some directories were set to
> 777. This allowed others to, for example, read other people's mail,
> gain access to other people's personal files, photos, etc. Yes, it is a
> "local exploit". But, if some guy had emails about his colleagues he
> didn't want to get out...or his cache file was filled with trails of
> visiting porn sites...or...
>
> I suppose you'd find that OK...and just chalk it up to "idiots". But
> that is one of the reasons for making it hard for folks to login as root
> from the GUI. To protect them from themselves.
>
This doesn't sound like something easy to do by accident from a GUI, or
at any rate not more easily than CLI. The root cause is that this user
had root at all. :-(
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot