Comment by xxpor
15 hours ago
Linux is a single user system and should be treated as such. Run your services as root. Don't rely on unix user primitives for security.
15 hours ago
Linux is a single user system and should be treated as such. Run your services as root. Don't rely on unix user primitives for security.
Running as root opens you up to a class of vulnerabilities (denial of service, mainly) that you can avoid by not running as root.
That said, running every process in its own micro VM is looking more attractive by the minute.
Half the point is that you should always assume that there exists a complete LPE bug.
But yes, micro VMs are a great idea!
Everything in this comment is wrong.
Technically yes. Practically, I disagree.
The part where you run everything as root is particularly stupid. But yes, user isolation has been weakened quite a bit.
This carries the same energy as "People will break into your car no matter what, so just leave your doors unlocked."
You say that, but I know someone whose house had their front door kicked in by burglars even though it wasn't even locked.
The energy here is "so don't leave anything valuable in your car".
Unfortunately that is not what they proposed. To stretch the automotive analogy too far, you could say: if you invite a carjacker in, their seatbelt is not going to stop them from carjacking you.
4 replies →
I agree with the general sentiment. I treat anything running arbitrary machine code as if it has full access to a machine. I don't know where you get "run your services as root" from that, though. The principle of least privilege doesn't just apply to running malicious code, but running buggy code whose attack surface is exposed to evil-doers.
https://xkcd.com/1200/