Although everyone, everywhere on every different distro and OS understands that unnecessarily high permissions is a security issue and the first account created for all OS is exceptionally so (eg root on Linux, administrator 500 on Windows), there is broad disagreement how and when to loosen security for Users, because normally forbidden tasks need to be done from time to time.
So, for example some Linux distros don’t allow Users to “su” to root at all which is when the User can elevate to actual root.
Other distros have severe restrictions even running “sudo” configured for impersonating root (think of you’re still “you” but doing things on behalf of root).
Even on MSWindows the “Administrator” account with UID 500 which exists on every machine is now hidden by default, and UAC has been implemented which is sort of like our Linux sudo.
Here in openSUSE,
We have a fairly relaxed attitude about invoking elevated permissions. If you understand what is happening and follow some simple rules, I don’t know that anyone has actually been compromised.
When you provide root credentials in openSUSE, that’s normally in a graphical console like YaST or a text console/terminal, windowed or not. Your elevated permissions are limited to what happens in that console… You might run an application directly, or you may invoke another “child” application which inherits elevated permissions. When you close the parent console, all child consoles should automatically terminate as well.
So, that’s a couple major rules to keep in mind…
Keep an eye on what is happening in those consoles that invoke elevated permissions and be aware if anything unexpected starts to happen.
And, most importantly… Close elevated consoles when you’re not using them because although it probably isn’t easy to take over a console, why take any chances.
As for Internet hackers somehow invoking or hijacking an open elevated console…
No one has yet reported such a hack.
Someone would have to at least pose and possibly advance a theory how such a hack might be accomplished before people would look at the possibility closely.
In general, the way various sessions and proc trees work should prevent stuff like, for example someone in a Web browsing session hijacking a running console on your machine. Long ago, there used to be support for, and then exploits associated with web browser application vulnerabilities, but many years ago people suddenly decided that web browsers shouldn’t have that kind of access to a machine. It’s still possible to open consoles in a browser, but those should be limited in their security context to the web browser itself. In fact nowadays, typically any command line functionality through a web browser should be controlled by APIs. Note that this is different than a “local logon” over a remote connection like SSH, which is always dangerous.
If you do want to tighten up security though…
Although I don’t know specifically of an AppArmor or similar policy-based security configuration that I can recommend(but may exist)…
- Consider making the root account’s credentials different than your User accounts.
- Consider inactivating sudo as a means to elevate permissions