Quote:
Originally Posted by 9613315400
t
But how could a user over the internet make a script, and let it run onto my PC, unless i run it by myself??
Someone could DCC something to you on IRC.
If the IRC client has a discovered exploit, and if someone issues a CCTP, finger, whois...etc, to you, instead of getting information about your account, the exploit could be made to run a system command, causing damage to your system.
All the known issues today never means tomorrow something will not be discovered which could be extremely damaging.
Running as root may be OK today, but tomorrow a discovered hole in a program could be used to attack your system. Not all discovered holes in software code are public knowledge either.
If your box becomes compromised, then it could be used as a zombie to partake in further attacks.
This undermines one of the reasons to use GNU/Linux, is its security.
Is there really a reason you must be a logged in as root?