I think Robertson's own example (of having your user data files wiped) is the best argument against running everything as root. Sure, you've lost all your data. If your account isn't root, though, the system itself is protected, including other accounts and things like your backup and restore software. You can log in on another account, such as root, from the console, wipe your now-untrusted user account and restore your data and everything from the last good backup you have. Annoying, but not fatally so. Had you been running as root, the damage would've been to not just your data but the entire system including system software. The only recovery would be to go all the way back to your original distribution CD, wipe the entire system including all the software you've installed from other sources and begin rebuilding your system from a blank disk. This is doable, but it's a major pain in the posterior and quite time-consuming compared to merely restoring a single account's home directory.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/321/31690#31690