[Dev] processes running as root

Carsten Haitzler (The Rasterman) tizen at rasterman.com
Mon Aug 11 22:55:13 GMT 2014


On Mon, 11 Aug 2014 17:27:17 +0200 Valentina Giusti
<valentina.giusti at oss.bmw-carit.de> said:

> Hi Tizen developers!
> 
> according to the wiki page 
> https://wiki.tizen.org/wiki/Security:SmackThreeDomainModel, in Tizen 3.0 
> there are processes running as root. In the AMD Multi-User wiki page it 
> even says that the AMD daemon runs "as root as in single user mode".
> 
> During the workshop in Vannes last week, I got the impression (or at 
> least I wrote so in my notes) that no process in Tizen is allowed to run 
> as root: at most, processes can be run as setuid root for a limited 
> period of time.
> 
> Are my notes from the workshop valid or is it actually true that some 
> processes are run as root?

i don't know what this workshop was going over, but i think it was trying to
give a strong message - do not run things as root EVER. this is not strictly
true. there are times when you do need to run as root, but they are rare and
very special. every one of these times requires jumping through some hoops to
make it happen.

the reason such advice sounds so black-and-white (no root EVER!), is because in
the past a lot of developers who don't know unix/linux port stuff they have to
it or write new things, and it's "easier to just run as root" so they don't
have to be careful, jump through hoops etc. etc. and this is something that
happened to tizen early on. that and having fixed disk locations
(/opt/dbspace ... need i say more) for USER data that should be in $HOME. lots
of system daemons ran as a system service when they should be a user level
SESSION service.

-- 
Carsten Haitzler (The Rasterman) <tizen at rasterman.com>


More information about the Dev mailing list