Subject: Re: Desktop on server : why (not)
From: Paul Warren (pdwFERRET.LMH.OX.AC.UK)
Date: Wed Aug 02 2000 - 18:23:23 CDT
On Wed, Aug 02, 2000 at 05:06:45PM -0400, Ryan Yagatich wrote:
> > Stupid question: why is a desktop (GNOME, KDE) necessarily bad on a
> > server ?
> more software to crash the machine, more chances for a potential "rooting"
> if the user logged in can access the data.

To expand slightly, the X server runs as root in order to access
hardware and it is true that video driver problems often result in a
complete lockup, although if you get a card and server that play nicely
together, this need not be a real problem.

What is a risk is sockets that may be listening on the network with
potential exploits. The X server itself may listen on the network
(think large-binary-running-as-root) as well as things such as the font
server and the ORB (for programs using CORBA). All of these can be
configured to not listen on the network - whether they do or not by
default depends on how security conscious your distribution is.

The additional software for a desktop machine may include additional
suid/sgid programs, which are obviously a bad thing as they may offer
the second half of a two-step rooting.

Then there are non-security related reasons - if you're serious about
serving you probably want a dedicated server for performance reasons.
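
An added example, not part of the original post: a small shell audit for the two exposures the message names, network-facing X11 and font server listeners, and suid/sgid files that appeared after a baseline was taken. The function names are hypothetical, the `ss` lines are a constructed sample, and the ports (TCP 6000-6063 for X11 displays, TCP 7100 for the X font server) are the conventional defaults rather than values from the post; the ORB is left out because it has no fixed port.

```shell
#!/bin/sh
# Added example: audit a host for the two exposures discussed in the post.
# Function names are hypothetical; the ports are conventional defaults.

# Constructed sample in the column layout of `ss -ltn` (header removed).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 5 0.0.0.0:7100 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:6000 [::]:*'

# Read ss-style lines on stdin; print X11 (TCP 6000-6063) and X font server
# (TCP 7100) listeners that are bound to a non-loopback address.
network_desktop_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4; sub(/:[0-9]+$/, "", addr)          # strip trailing :port
        port = $4; sub(/.*:/, "", port); port += 0    # numeric port
        if (addr ~ /^127\./ || addr == "[::1]") next  # loopback only: skip
        if (port >= 6000 && port <= 6063) print $4, "x11"
        else if (port == 7100) print $4, "xfs"
    }'
}

# List setuid/setgid regular files under directory $1 (same filesystem only).
suid_sgid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Print suid/sgid files under $2 that are absent from baseline list $1
# (one path per line, e.g. captured before the desktop packages went on).
new_suid_sgid() {
    base_sorted=$(mktemp) || return 1
    LC_ALL=C sort "$1" > "$base_sorted"
    suid_sgid_files "$2" | LC_ALL=C sort | LC_ALL=C comm -13 "$base_sorted" -
    rm -f "$base_sorted"
}

# Demo on the constructed sample; on a live host: ss -ltn | network_desktop_listeners
printf '%s\n' "$SAMPLE_SS" | network_desktop_listeners
```

The loopback-bound listener on port 6010 in the sample is deliberately not reported, since it is not reachable from the network.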