On Tue, Dec 04, 2001 at 11:56:19PM -0600, Jor-el wrote:
> Hi,
>
> 	Why is running Netscape as root considered to be a security
> problem? I just tried installing vmware on my system and it needs root to
> install, and it searched for Netscape. The installer, fortunately, was an
> intelligent one and proceeded with the install after I cancelled its
> search for Netscape (it said the install help wouldn't be available without
> Netscape).

Well, it's stupid to surf as root, because there *might* be some
uncovered security holes in Netscape, and if you surf as root, any
malicious things a web-page abusing such a hole does have the potential
to do damage to the whole machine, not only the user running it. In
addition, you might reveal that a probable unix-machine is running at
such and such IP, and there is a root-user there. However, security by
obscurity never was that effective, so this is not that large a problem.
Running netscape as root to view some local html pages is not that much
of a security risk, but it depends whether or not you trust the source
of the web-pages.

> 	If it is something really stupid to run Netscape as root, I'd like
> to point out to VMWare that their requirement to have Netscape for the
> install is bad.

Depends how they did it. If it was to render local web-pages, it can be
forgiven.

-- 
- Vegard Engen, member of the first RFC1149 implementation team.