From: "Ted Mittelstaedt"
To: "Gert Cuykens", "Chris Hodgins"
Cc: freebsd-questions@freebsd.org
Date: Thu, 3 Feb 2005 00:32:23 -0800
Subject: RE: xhost +localhost

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Gert Cuykens
> Sent: Wednesday, February 02, 2005 6:20 PM
> To: Chris Hodgins
> Cc: freebsd-questions@freebsd.org
> Subject: Re: xhost +localhost
>
>
> > Don't want to be rude but do you have a specific reason for running
> > xscreensaver as root?
> >
> > Chris
>
> Well the reason is very simple actually, let's pretend we have a user
> gert. User gert has a lot of pictures and music stuff, phone numbers;
> user gert doesn't want those things to be gone. Somebody hacks user gert
> because user gert uses a screensaver. And the hacker deletes all
> files. User gert is not happy because he lost everything. Do you think
> user gert gives a chit that the system was untouched because the
> hacker did not have root permission?
>
> For me it's wrong to think user accounts are not important because they
> are for the average Windows XP single user. They don't care about virus
> infections on their system, reinstalling everything; they care about
> their files. So if screensaver is a security risk as root it doesn't mean
> it's not a security risk for a user account. The only difference
> between a root and user should be that users can not read or mess with
> other users' files. The security should be EXACTLY the same. So if root
> can not run a screensaver then the users can also not run a
> screensaver.

While all of this is very interesting academically, if user Gert is dumb
enough to leave the console of his UNIX system accessible then user Ted
can come along and power cycle it into single user mode and wipe his
disks whether he has the root password or not.

Or, are you assuming that the 'bios' passwords in the typical PC are
immune from 60 seconds of CMOS battery removal?

Ted