1

I understand why root access should be protected in general, especially in the context of a server environment. An unknown party can essentially control everything you do on a computer remotely without you even realising and that is obviously a huge issue. However, isn't it possible to do very bad things without root access, coming from the point of view of a personal computer (i.e: not a server)?

Usually, all of your important information is in your /home/ directory, so any application that runs under your user has access to it. As well, if they have access to your /home/, they have access to your personal bin/ directory, where they can put their own special binary if they so choose. Even if that is easy to find, they could hide their tracks by sticking a often-used binary that requires root access in there that simultaneously takes your password, does the thing you want to do with it, then do something nasty in the background, then delete that same binary once it is done?

Perhaps I am missing something obvious, but is root access really that necessary for a would-be hacker to mess with someone's personal computer? Shouldn't we be more concerned with any code we run no matter what level of authorisation we give it?

Timidger
  • 165
  • 4
  • Related: [Why do mobile apps have fine-grained permissions while desktop apps don't?](http://security.stackexchange.com/q/83692/2138) – user Mar 16 '15 at 12:03

1 Answers1

2

Protecting the root account makes cleanup much easier: if an attacker can't tamper with the kernel or most of the programs, it's much harder to hide malicious code.

It also means they can't tamper with the antivirus and other protection systems.

Mark
  • 34,513
  • 9
  • 86
  • 135