Re: dangerous to leave root logged in?

From: Newsbox (nospam_for_me_please_at_thanks.invalid)
Date: 03/29/05


Date: Mon, 28 Mar 2005 23:33:49 -0500

On Mon, 28 Mar 2005 12:09:21 -0800, hans_schulze98 wrote:

> Some things require periodic watching. Others need to run for a long
> time, and the regular users need to do work during that time.

No responsible person would tell you that it is not dangerous. Certainly
not on a public forum. You must have known the answer before you asked
the question.

I suspect that many people have root-owned processes running continuously
on internet-connected machines. If your systems are anything like my
default setups and you run top, the second column will list several to
many root-owned processes running by default, continuously.

The most realistic evaluation is probably more a matter of degree of risks
and exposure. Certainly if you go away and can't watch those root-owned
displays, there's no reason not to shut them down or disconnect, or both.
Some purposes can probably be served as well without continuously having
root-owned processes running. You are certainly less exposed to a
multitude of serious threats as you run fewer root-owned processes for
less time.

I'm sure you may be aware that minimizing or eliminating (?) running root
processes does not by any means ensure your systems' integrity. If you
happen to be running a "high value target", your security could be much
more severely tested than that of an "average user". It has been put into
the archives, so I won't belabor it; but security in layers, security in
depth and constant vigilance is the way to go. Especially today, there is
no absolute and certainly no better security guarantee than that.

No one should be telling you it is safe. And you should never believe it
is. For many reasons it is good practice to run as few (or none)
root-owned processes as possible for as brief a period as absolutely
necessary. I wouldn't necessarily say you should immediately shut down
any essential processes that you don't have reasonable alternatives to.
Don't needlessly and hastily break anything essential that you already
have working, but do make it a priority to minimize root-owned processes
on any and every internet-connected machine. Depending on your local user
base, LAN-connected machines might have equal (or greater) priority for
this. If your systems are (hopefully not!!) compromised, you would quickly
decide that those processes (whatever) that were running as root were
probably not worth the risk. But it is also true that you are not alone
in running root processes on connected machines. Weigh the value against
the risks. If you must err, err on the side of safety rather than
convenience. My humble but considered advice.

You have my

        Best wishes.
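
The post suggests looking at the root-owned processes that top lists and keeping their number and running time down. The script below is an added example, not part of the original post: it separates root-owned daemons from root-owned interactive sessions and flags the interactive ones that have been left running past a threshold. The helper name `audit_root`, the one-day threshold and the sample process list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify root-owned processes as daemons or interactive
# sessions and flag interactive ones older than a threshold (in seconds).

# Constructed sample, in the column order produced by:
#   ps -e -o user= -o pid= -o tty= -o etime= -o comm=
SAMPLE_PS='root 1 ? 12-03:14:07 init
root 412 ? 12-03:13:55 sshd
root 2210 pts/0 2-01:02:03 bash
root 2304 pts/0 1-23:59:01 top
hans 2411 pts/1 05:12 vim
root 2502 tty1 00:42 login
www 2600 ? 03:10:00 httpd'

# audit_root MAX_SECONDS  (hypothetical helper; reads ps lines on stdin)
# Output per root-owned process: FLAG KIND PID TTY AGE_SECONDS COMMAND
audit_root() {
    awk -v max="$1" '
    # Convert ps etime ([[dd-]hh:]mm:ss) to seconds.
    function secs(e,    d, n, t, s, i) {
        d = 0
        if (index(e, "-")) { split(e, t, "-"); d = t[1]; e = t[2] }
        n = split(e, t, ":")
        s = 0
        for (i = 1; i <= n; i++) s = s * 60 + t[i]
        return d * 86400 + s
    }
    $1 == "root" {
        # No controlling terminal ("?", "??" or "-") means a daemon.
        kind = ($3 == "?" || $3 == "??" || $3 == "-") ? "daemon" : "interactive"
        age = secs($4)
        flag = (kind == "interactive" && age > max) ? "REVIEW" : "ok"
        printf "%s %s %s %s %d %s\n", flag, kind, $2, $3, age, $5
    }'
}

# Demo on the constructed sample with a one-day threshold (an assumption).
printf '%s\n' "$SAMPLE_PS" | audit_root 86400
```

On a live system, pipe the `ps` command from the comment into `audit_root` in place of the sample; lines marked REVIEW are root sessions on a terminal that have outlived the threshold.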