Alexandre says "let the newbies run as root"

Mark Knecht · Post by **Mark Knecht** » Mon Mar 24, 2008 12:05 pm

On Mon, Mar 24, 2008 at 9:50 AM, Paul Johnson <[email protected]> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 24 March 2008 03:47:59 am Timeout wrote:

Can't you simply start by not allowing uncontrolled connexions to the
Internet (like adding an offline-modus in winecfg instead on blocking the
root)?
What reason would one EVER need to run end-user software as root in the first
place? Wine or not, that's just terrible practice.

In Linux I agree. In Windows there is lots of software that requires
folks to install and/or run as administrator. I sometimes suspect that
some Wine users, nebies mostly, get confused about the difference
between the two.

I would personally *never* run Wine as root. About the only thing I
run as root on my systems are the programs to install software,
nothing else, at least in a terminal, etc.

As much as I like Wine I am even concerned about running it in my
regular user account as it seems to me someone could write a Windows
program that then erases all my Linux user files, etc.

Just my being paranoid,
Mark

Timeout · Post by **Timeout** » Mon Mar 24, 2008 12:06 pm

If you don't have yet understood what I had been saying for two days, forget it, you won't.

Now the bank holiday is over, tomorrow I will have too much work to bother about it.

I am removing this string to be able to run it as user.
Someday I will reinstall it but what I am doing is solely my problem. Instead of blocking things you should take care of no auto updates or faking an offline mode if required. This will be more of effect than blocking everything as a protection against viruses.
The .NET is switching permissions as it needs anyway.

David Gerard · Post by **David Gerard** » Mon Mar 24, 2008 12:32 pm

On 24/03/2008, Mark Knecht <[email protected]> wrote:

On Mon, Mar 24, 2008 at 9:50 AM, Paul Johnson <[email protected]> wrote:

What reason would one EVER need to run end-user software as root in the first
place? Wine or not, that's just terrible practice.

In Linux I agree. In Windows there is lots of software that requires
folks to install and/or run as administrator. I sometimes suspect that
some Wine users, nebies mostly, get confused about the difference
between the two.

Yes. This will remain an eternal source of confusion.

As much as I like Wine I am even concerned about running it in my
regular user account as it seems to me someone could write a Windows
program that then erases all my Linux user files, etc.

Hmm ... how usable do you find this in practice? What safety do you
get from running it as a different Unix user that you wouldn't get
from just disconnecting Wine's "home" drive and Z: drive (the whole
file tree)?

- d.

James Hawkins · Post by **James Hawkins** » Mon Mar 24, 2008 12:33 pm

On 3/24/08, Mark Knecht <[email protected]> wrote:

On Mon, Mar 24, 2008 at 9:50 AM, Paul Johnson <[email protected]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 24 March 2008 03:47:59 am Timeout wrote:

Can't you simply start by not allowing uncontrolled connexions to the
Internet (like adding an offline-modus in winecfg instead on blocking the
root)?
What reason would one EVER need to run end-user software as root in the first
place? Wine or not, that's just terrible practice.

In Linux I agree. In Windows there is lots of software that requires
folks to install and/or run as administrator. I sometimes suspect that
some Wine users, nebies mostly, get confused about the difference
between the two.

I would personally *never* run Wine as root. About the only thing I
run as root on my systems are the programs to install software,
nothing else, at least in a terminal, etc.

As much as I like Wine I am even concerned about running it in my
regular user account as it seems to me someone could write a Windows
program that then erases all my Linux user files, etc.

There's nothing special about Wine. Someone can also write a Linux
program that erases all your user files.

--
James Hawkins

Mark Knecht · Post by **Mark Knecht** » Mon Mar 24, 2008 12:47 pm

On Mon, Mar 24, 2008 at 10:32 AM, James Hawkins <[email protected]> wrote:

On 3/24/08, Mark Knecht <[email protected]> wrote:
On Mon, Mar 24, 2008 at 9:50 AM, Paul Johnson <[email protected]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 24 March 2008 03:47:59 am Timeout wrote:
What reason would one EVER need to run end-user software as root in the first
place? Wine or not, that's just terrible practice.

In Linux I agree. In Windows there is lots of software that requires
folks to install and/or run as administrator. I sometimes suspect that
some Wine users, nebies mostly, get confused about the difference
between the two.

I would personally *never* run Wine as root. About the only thing I
run as root on my systems are the programs to install software,
nothing else, at least in a terminal, etc.

As much as I like Wine I am even concerned about running it in my
regular user account as it seems to me someone could write a Windows
program that then erases all my Linux user files, etc.

There's nothing special about Wine. Someone can also write a Linux
program that erases all your user files.

Completely true, but I get my programs from Gentoo's portage and do
not run testing versions so unless someone is pretty tricky about
hiding their intentions or the validation process runs afoul I figure
I'm relatively safe.

On the other hand I fully expect that one day someone with a chip on
the shoulder in the Windows world will start writing programs
specifically aimed at hurting the Open Source world. It will be a sad
day if something like that happens. Maybe it already has an I just
haven't heard...

Best to be safe and do regular backups.

Thanks,
Mark

David Gerard · Post by **David Gerard** » Mon Mar 24, 2008 3:11 pm

On 24/03/2008, Paul Johnson <[email protected]> wrote:

Don't
blame us for your shortcomings as an email user.

Over half this user's posts to this list are personal attacks and
abuse directed at other list members. Can he be placed on moderation
on the list until he learns civil behaviour?

- d.

oiaohm · Post by **oiaohm** » Tue Mar 25, 2008 5:45 pm

James Hawkins PostPosted: Mon Mar 24, 2008 11:33 am

There's nothing special about Wine. Someone can also write a Linux
program that erases all your user files.

James Hawkins

Yes I can write a program to nuke a Linux system. There is some things special about wine.

It allows operation of applications from the Most virus plagued OS on earth. And by its own operation does not have any built in defenses.

New users from windows think everything needs Administrator to work. So abuse wine. This is a key factor. Abuse wine. Using it when it should have never been used that way.

Finally running as root needs care. Like I have screwed up a database in the past by coping large section of data and blocking the database from writing to disk. Wine does cause High CPU load and Resource usage at times. Reason why comparing to cat or something else kinda does not cut it. Most applications that operate as root by normal use create those effects. Normally applications that have the risk of this at least change to a different user to reduce system wide risks.

Now that should at least show a little care. Running as root would not be as large of issue if wine did not have these problems with users and operation.

By the way not one person has come up with 1 valid reason to run as root.

Only reasons have been incompetence. Sorry to say I don't take that lightly. Same as another section from what I see we need to lock root of and give the uses links to documentation to do it right cure the incompetence. We have to take responsibility for the program that is being created.

L. Rahyen · Post by **L. Rahyen** » Tue Mar 25, 2008 6:45 pm

On Tuesday March 25 2008 22:45:11 oiaohm wrote:

By the way not one person has come up with 1 valid reason to run as root.

Somewhere in the thread Austin mention at least one valid reason to run as
root:

Austin English wrote:

Some wine functions require root access, ICMP ping for instance.

Personally I run WINE as a user (of course). But in my practice there was few
cases where I ran it as root, for example, in order to update firmware of my
ASUS DVD drive (by running a Windows program which uses ASPI).
So this is true: most users don't need (and shouldn't) run WINE as root. But
*sometimes* there good technical reasons to do so: for example, it is
necessary to run WINE as root in order to play in multiuser games with IPX
protocol. But running WINE as root without good reasons is very bad idea.

oiaohm · Post by **oiaohm** » Wed Mar 26, 2008 2:43 am

That maybe on bsd or something L.Rahyen.

Austin English wrote:

Some wine functions require root access, ICMP ping for instance.

http://www.ibm.com/developerworks/libra ... pabilities

Ping does not require root on 2.6.24+ Linux kernel or any older Linux kernel with selinux or smack LSM's.

On Linux platforms the time of wine requiring root is past. With upto date Kernels you would set capabilities instead. This does not allow system wide damage. Since only the segments need to be given to wine. All the ones I have seen are network related.

Older kernels you create profiles.

oiaohm · Post by **oiaohm** » Wed Mar 26, 2008 3:08 am

Missed the best bit. Using a loader program running as root under older Linux kernels it could assign the capabilities and still run wine as a normal user with the network access it needs.

All that is really in 2.6.24 kernel is a simple way to avoid having to run security raising program to get there or use a LSM.

So the need to have wine itself running as root is well and truly passed on linux.

zach · Post by **zach** » Thu Mar 27, 2008 2:58 am

Missed the best bit. Using a loader program running as root under older
Linux kernels it could assign the capabilities and still run wine as a
normal user with the network access it needs.

All that is really in 2.6.24 kernel is a simple way to avoid having to run
security raising program to get there or use a LSM.

So the need to have wine itself running as root is well and truly passed
on linux.

Not everyone that runs Wine does so on Linux though. I personally run it
on OS X - as do many others. I dont doubt there's people running Wine on
other *nix variations as well. Solaris, FreeBSD and OS X are mentioned on
the front page of wineqh.org as working with Wine, not to mention there
are binary downloads for Solaris, FreeBSD, PC-BSD and Windows linked to
from the download page. And instructions for building Darwine on OS X are
available from Wine's wiki as well.

Just because it works in Linux doesn't mean its perfect. OS X for example
cant create a socket of type SOCK_RAW without root.

oiaohm · Post by **oiaohm** » Thu Mar 27, 2008 5:02 am

Windows one on the download page should be deleted. Reason its out of date. and its only a dll testing system not a full version of wine. Gives me too many bad questions in winehq on freenode. It gives too many people the wrong end of stick.

Solaris I can talk on it has another way http://blogs.sun.com/casper/entry/solaris_privileges No root required there. What is needed for wine can be give threw the default security system even better on a per process base. Root user there has been past for many years.

http://www.freebsd.org/doc/en_US.ISO885 ... uning.html
Freebsd found 1 really two this covers PC-BSD as well. But pure default root is not where wine should be running instead in a Freebsd jail preventing system wide harm.

Note Since OS X is freebsd related it might be the same. Still no reason to be running as pure uncontrolled root if it has the FreeBSD system. Some one with OS X skill need to research this.

Problem still is that users are going to use it wrong. Not read the Security of the OS and put the complete OS at risk.

So Linux and Solaris builds root should be just baned out right. Systems have a correct way around it.

Note trustedBSD has close to the same as Linux posix capabilities main freeBSD Line decided not to merge that at this stage but keep the jail system.

Most new FreeBSD would lack the skill to create a jail correctly to reduce wine to the same as a Linux capability boost.

Some how a generic security raising setup is needed.

Solarias, trustedBSD and Linux due to there permission system could be dynamic on a application by application base without major complexity. wine like sudo interface could even be used allowing admin to limit what users can even use the enhanced features. Since the user will be returned to there normal user with normal user filesystem access just with more network access.

Freebsd with jails will be messy.

Now if OS X only has old chroots we have a problem. If that is the case OS X users should be yelling a apple to lift there game one way or another.

Really we should not be light about this. Would have though in this day in age on a BSD Linux *nix OS these kind of limitations would be standard.

Ok as it turns out FreeBSD and Linux have gone two different ways to get there. There is still no valid reason to leave most of the install base using the wrong thing for there system.

I was hoping that people would at least have responsibility to research the other systems. Not just try to create a vague list of reasons. Linux is my most common system. There might even be a better way on freebsd.