Quoting "Pier P. Fumagalli" <[EMAIL PROTECTED]>:

> I keep my stance, if I see someone saying "running (put your favourite
> service here) as root is safe", as you did, I'll flame him. Think TWO
> steps ahead, ALWAYS.
> 
>     Pier (security conscious)

If I may ...

First of all, I have not read the thread being referenced here, and I have no 
idea who said what or why. Also, I grew up in the U.S., so I know absolutely 
_nothing_ about soccer =)

I'm sure that Pier appreciates the effort of at least *trying* to help out with 
the user list, probably more than most. Most of us, myself included, don't 
spend nearly as much time as we should helping out over there. Security is just 
one of those issues you sometimes have to scream about =) If all projects out 
there had a few people like Pier who were willing to scream about it, life 
would be a lot easier.

That said ... as someone whose job description often involves security 
consulting and locking down Linux boxes, I just need to say this, for the 
record: PLEASE, FOR THE LOVE OF ALL THAT IS DECENT AND HOLY, NEVER SUGGEST TO 
SOMEONE THAT THEY CAN SAFELY RUN _ANYTHING_ AS ROOT.

There are some system-level processes that need root-level access, but I'm not 
talking about that. I'm talking about general software components. No matter 
how secure you think an application is ... it isn't. Just look at the whole 
BIND fiasco a few months back. Everyone stopped worrying about who BIND was 
running as, because there hadn't been any holes discovered in *years*. They got 
lazy. So when someone did eventually find a hole, countless people got a quick 
lesson in security ... the hard way.

So when people ask, please don't tell them to run anything as root. In fact, 
tell them quite emphatically NOT to. Run a process that binds on a high port as 
root, and you are completely insane. Run a service on a well-known port as 
root, and it just becomes a question of "when", not "if", some script kiddie will 
make you his jail bitch. I personally know A LOT of people who stopped using 
BIND when that whole thing went down, even though it was mostly their own fault 
for not having their scripts set up right. Let's not let this happen to Tomcat, 
because in the post-Microsoft world, users are a lot less forgiving of security 
problems.

- Christopher
