On Fri, 2005-11-11 at 10:35 -0500, Keenan Smith wrote:
Since an application like OpenView is required to be available from
every node in a network, running it as root seems to me like a pretty
big vulnerability, if someone were to identify a hole and exploit it.
To begin with we have Precedent:
http://www.ngssoftware.com/advisories/hpovrma.txt
http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01138
So this is not a "what if" situation.
As a long-time application developer, I've found that requiring root
access usually means that the developer is lazy or at best, following
bad programming practices.
Absolutely, much of this perpetuated by the OS, but no doubt it's the
ISV's responsibility.
In general, what does the collective wisdom of the group say about
something like this?
Can't speak for everyone else, but generally I'd say least privilege is
accepted as a base standard for good application development,
disregarding it is a major failing.
Does any application require root access? A firewall? A network
management tool? An authorization/authentication server?
Most OS's let you control access to resources enough that this is not a
requirement, there are a few occaisons when it is required, but it's a
trade of between development time and security. I don't think trades of
base principles such as this are acceptable, if they can possibly be
avoided.
And if it does, is it "really" required or is the requirement a result
of developers who don't want to or were not given the time to properly
code and configure the application to run as a user other than root?
Usually, it's the "not given" but there is a lot of "don't want" in
there too in my opinion.
--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
"He who hingeth aboot, geteth hee-haw" Victor - Still Game
blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
smime.p7s
Description: S/MIME cryptographic signature
