Indeed. I have seen other pups where seamonkey ran as spot ... until you updated it, when it defaulted to run as root again. FatDog is much better in that respect.

Anniekin wrote:
One of the advantages in fatdog is the running of only internet apps as non-privileged users, because that is where attackers come from. Seems like the best of both worlds this way.
What do you think?
The other vector however is X. Widely used, old code with known weaknesses (such as being able to see other users' screens/keystrokes). Running X as root could be considered up there - not that far behind running a browser as root. Such that running X under a non-root userid is 'good practice'. Unfortunately X needs root; what OpenBSD do is they have a modified X where only the bare necessities are run as root, everything else is put under restricted userids.

Otherwise, if say running an old browser with known remote exploits as spot opens up remote spot access, where spot can then view all other X windows/keystrokes, then if one of those other windows is entering the root password - then spot can use that to su into root. If you only run root in another cli console (ctrl-alt-fn), then that exploit is eliminated. Yes, you forego some simplicity, having to ctrl-alt-fn to mount a drive, install a program, shutdown/reboot, etc. However, in practice you tend to spend relatively little time doing those sorts of actions, especially once a system is established. For me, for instance, ctrl-alt-f3 into a tmux/mc session running as root and navigating to a shutdown script, or having an alias "s" to invoke shutdown -p now ... or whatever, isn't that much different to opening the menu in X to locate the shutdown menu entry and clicking that.
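An added example, not part of the posts above: a small audit for the regression mentioned in the thread, where a browser that ran as spot goes back to running as root after an update. It assumes procps-style `ps -eo user=,comm=` output; the program list and the sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Internet-facing programs to check (assumed list; adjust to your install).
NET_APPS="seamonkey firefox chromium chrome palemoon thunderbird"

# Constructed sample in "USER COMMAND" form, as `ps -eo user=,comm=` prints it.
SAMPLE='root Xorg
root seamonkey-bin
spot firefox
root tmux
root mc'

# audit_ps: reads "USER COMMAND" lines on stdin, prints one finding per line:
#   ROOT-NETAPP <comm>        internet-facing app running as root
#   OK-NETAPP <user> <comm>   internet-facing app running unprivileged
#   ROOT-X <comm>             X server running as root
audit_ps() {
    awk -v apps="$NET_APPS" '
        BEGIN { n = split(apps, a, " "); for (i = 1; i <= n; i++) net[a[i]] = 1 }
        {
            user = $1; comm = tolower($2)
            sub(/-bin$/, "", comm)          # seamonkey-bin -> seamonkey
            if (comm in net) {
                if (user == "root" || user == "0") print "ROOT-NETAPP " comm
                else print "OK-NETAPP " user " " comm
            } else if (comm == "x" || comm == "xorg") {
                if (user == "root" || user == "0") print "ROOT-X " comm
            }
        }' | sort -u
}

# count_root_netapps: number of distinct internet-facing apps running as root.
count_root_netapps() {
    audit_ps | awk '/^ROOT-NETAPP /{ c++ } END { print c + 0 }'
}

# Demo on the constructed sample. On a live system run instead:
#   ps -eo user=,comm= | audit_ps
printf '%s\n' "$SAMPLE" | audit_ps
```

Running it after each browser update shows whether the browser is still confined to spot; a `ROOT-X` line only records that the X server itself runs as root, which is the second vector discussed above.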