Wednesday, April 27, 2005

Security Principle: Separation of Privilege

There is an excellent article on Securityfocus.com by Daniel Hanson on the downside of running any system from an administrative account. Daniel makes a pointed reference to the Linspire way of doing things, which, like Windows' long-standing default of making every user an administrator, runs every user as root. As Daniel puts it, running as root is like putting all of your vegetables in one pile: if one of them begins to rot, the rest will soon rot too and you will have no vegetables left. If instead you restrict your users and run with least-privilege user accounts, a compromise of one account is contained to what that account may touch, and you keep the integrity of the rest of the system. Integrity is one of the fundamental elements of information security (the I in CIA): making sure your data is the same now as when you put it there. If you run all of your users as root, or even if you run as root yourself while you surf the web and read email, any flaw in the browser or mail client hands full control of the system, and of every file on it, to whoever exploits it.
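A practical check that follows from the warning above about browsing and reading mail as root: list which user-facing programs are currently running with uid 0. The script below is an added example written for this post, not code from the article or from Linspire. It parses constructed `ps -eo pid,uid,user,comm` output (the sample rows are made up), and on Linux can read the live process table from /proc instead; the list of "user-facing" program names is an assumption to be extended for your own site.

```python
"""Audit a process listing for user-facing programs (browsers, mail and chat
clients) that are running as root.  Added example, not from the original post."""
import os
import sys
from dataclasses import dataclass
from typing import Iterable, List

# Assumed (hypothetical) set of programs that should never run as uid 0 on a
# desktop.  Extend it for the software actually installed on your systems.
USER_FACING_PROGRAMS = frozenset({
    "firefox", "firefox-bin", "mozilla", "chrome", "chromium",
    "thunderbird", "evolution", "kmail", "pidgin", "gaim", "xchat",
})

# Constructed sample in the shape of `ps -eo pid,uid,user,comm` output.
SAMPLE_PS = """\
  PID   UID USER     COMMAND
    1     0 root     init
  842     0 root     sshd
 1203     0 root     firefox-bin
 1210  1000 alice    thunderbird
 1305     0 root     evolution
 1402  1000 alice    bash
"""


@dataclass(frozen=True)
class Proc:
    pid: int
    uid: int
    user: str
    comm: str


def parse_ps(listing: str) -> List[Proc]:
    """Parse `ps -eo pid,uid,user,comm` output: a header line, then one row per process."""
    procs: List[Proc] = []
    for line in listing.strip().splitlines()[1:]:  # skip the header
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # tolerate a truncated or malformed row rather than abort
        pid, uid, user, comm = parts
        procs.append(Proc(int(pid), int(uid), user, comm.strip()))
    return procs


def root_user_facing(procs: Iterable[Proc]) -> List[Proc]:
    """Return the user-facing programs that are running with uid 0."""
    return [
        p for p in procs
        if p.uid == 0 and os.path.basename(p.comm) in USER_FACING_PROGRAMS
    ]


def live_procs() -> List[Proc]:
    """Read the process table from /proc on Linux, using the real uid from the
    'Uid:' line of /proc/<pid>/status and the program name from /proc/<pid>/comm."""
    import pwd  # Unix-only; imported here so the parser still works elsewhere
    procs: List[Proc] = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/status") as f:
                status = f.read()
            with open(f"/proc/{entry}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited between listdir and open, or not readable
        uid = None
        for line in status.splitlines():
            if line.startswith("Uid:"):
                uid = int(line.split()[1])  # first field after the label is the real uid
                break
        if uid is None:
            continue
        try:
            user = pwd.getpwuid(uid).pw_name
        except KeyError:
            user = str(uid)
        procs.append(Proc(int(entry), uid, user, comm))
    return procs


if __name__ == "__main__":
    # Use the live process table on Linux, otherwise fall back to the sample.
    source = live_procs() if sys.platform.startswith("linux") else parse_ps(SAMPLE_PS)
    flagged = root_user_facing(source)
    for p in flagged:
        print(f"pid {p.pid}: {p.comm} is running as {p.user} (uid {p.uid})")
    sys.exit(1 if flagged else 0)
```

Run it on a box where someone logs in as root and the browser and mail client will show up in the output; run it on a machine following least privilege and nothing should be flagged. It only checks the real uid, so a setuid helper that is expected to run as root (a mail delivery agent, for instance) is deliberately outside the program list.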

It is always easier to run as root, right up until you lose some data. It is the same as the person who does not believe they need to back up their data: they change their mind quickly after losing something critical (although some people never learn, and the same holds here). If Linspire has to go through the same maturity lesson that Microsoft went through, it will be a stain on the reputation of the Linux kernel underneath it.
