alt Hacker NewsLinux is a single user system and should be treated as such. Run your services as root. Don't rely on unix user primitives for security.
Replies
Sohcahtoa82 • yesterday at 9:06 PM
This carries the same energy as "People will break into your car no matter what, so just leave your doors unlocked."
➕ show 2 replies
256_ • yesterday at 8:56 PM
I agree with the general sentiment. I treat anything running arbitrary machine code as if it has full access to a machine. I don't know where you get "run your services as root" from that, though. The principle of least privilege doesn't just apply to running malicious code, but running buggy code whose attack surface is exposed to evil-doers.
fragmede • yesterday at 9:07 PM
Running as root opens you up to a class of vulnerabilities (denial of service, mainly) that you can avoid by not running as root.
That said, running every process in its own micro VM is looking more attractive by the minute.