Is it actually dangerous to run Firefox as root?

I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.

I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.

I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.

This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?

Anticorp,

It’s about as dangerous as using IE in the old days, or Edge in administrator mode.

FishFace,

An overarching principle of security is that of minimum privilege: everything (every process, every person) should have the minimum privileges it needs to do what it does, and where possible, that privilege should be explicitly granted temporarily and then dropped.

This means that any issue: a security breach or a mistake can’t access or break anything except whatever the component or person who had the issue could access or break, and that that access is minimal.

Suppose that you hit a page which exploits the https://www.hkcert.org/security-bulletin/mozilla-firefox-remote-code-execution-vulnerability_20230913 vulnerability in Firefox, or one like it, allowing remote code execution. If Firefox is running as root, the remote attacker now completely controls that machine. If you have SSH keys to other servers on there, they are all compromised. Your personal data could be encrypted for ransom. Anything that server manages, such as a TV or smart home equipment, could be manipulated arbitrarily, and possibly destroyed.

The same is true for any piece of software you use, because this is a general principle. Most distributions I believe don’t let you ssh in as root for that reason.

In short: don’t log in to anything as root; log in as a regular user and use sudo to temporarily perform administrator actions.

P.S. your description of the situation shows you don’t know the nature of vulnerabilities and security - if you’re running servers then this is something you should learn more about in short order.

billwashere,

No if you leave it running and don’t use it.

GustavoM, (edited )
@GustavoM@lemmy.world avatar

That’d be the same as asking if leaving your house front door open is dangerous – it depends. If an ill-intended individual sees it open however, s/he won’t think twice to trash your home.

henrikx,

My goodness

ThankYouVeryMuch, (edited )
@ThankYouVeryMuch@kbin.social avatar

I just wanted to add that you can run gui applications through ssh with x11 forwarding, options -X or -Y (untrusted/trusted but at least in Debian back in the day they behaved the same). So if you wanted a gui file manager you run it in the ssh session on the remote server, sudo if you need but NEVER logged as root, and the window will pop on your local DE instead of having to run an entire desktop on each server

gnuhaut,

On a typical home user desktop linux setup, there’s virtually no difference between your regular user and root.

Access to your data, emails, passwords, installing software (in /home), access to LAN and so on are already possible without root permissions, so there really is not a whole lot that an attacker cannot do even without root.

And then, if you use sudo or su (or whatever) to switch to root with a password, escalating to root privileges is basically trivial for an attacker. An attacker can divert your PATH to compromised binaries. They could just replace “sudo” with their own little script that steals your password.

rufus, (edited )

Yes. Running anything as root is potentially dangerous. And a browser is a complex and big piece of software with many security issues that can be (potentially) triggered remotely. So it’s bad because of two reasons.

Btw a desktop environment also is a complex and big piece of software with potential issues. Running the whole desktop as root is another thing you wouldn’t do for extra security.

The proper way is to just create a user account and run the desktop and browser as a user. Open a terminal and ‘su’ or ‘sudo’ to limit root rights to the operations that actually need those permissions.

Just running everything as root certainly works. But you do away with all the extra layers of security and end up with something as secure as MS-DOS or a Windows in the 90s or early 2000s.

MimicJar,
@MimicJar@lemmy.world avatar

www.mozilla.org/en-US/security/…/mfsa2023-56/

That’s a link to the most recent release of Firefox and the security vulnerabilities that were fixed.

You’ll notice the first one listed says, “This issue could allow an attacker to perform remote code execution and sandbox escape.”

So if you visited a site that exploited that bug, it escaped the sandbox and ran whatever code it wanted to. Since you were running as root it could do anything it wants. Your device is now the property of someone else. Potentially all your data has been stolen. You probably didn’t even notice.

Now. Realistically. You probably didn’t get exploited. Your device may not be vulnerable to that particular bug. But new bugs are found, and fixed, and created every day. Can you be sure you weren’t exploited?

Let’s look at it a different way. Think of it like driving a car with no seatbelt or airbags. As long as you don’t crash, you’re fine. The car still works fine without seatbelts and you have more freedom to move your arms around.

Let’s look at it a different way. Do you ever lock the door to your home/apartment? Heck do you even close the door? Why not leave it wide open?

At the end of the day security is about layers and the trade offs for convenience. You can run KDE as root, and you can run Firefox as root. You’ll probably be fine. It’s like driving without a seatbelt or leaving your front door wide open, but you can do it. If you do drive with a seatbelt and at least close your front door, you can probably run KDE and Firefox as a regular user.

Dyskolos,

Just don’t do that 😁

I don’t get it anyway, if you login remotely, why don’t you just open firefox locally but on the remote servers? This makes not much sense.

But If you absolutely have to. … At least be careful with your surf-targets. A search-engine and wiki would most likely be fine. Some pron-, stream- or warez-sites? Nah. Surely not.

taladar,

but no one seems to be discussing how risky it actually is.

That is because people stopped doing it ages ago.

But shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system?

Security is always a matter of layers. Any given layer can fail some of the time but you want to set up your security so situations where all the layers fail together are rare.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • linux@lemmy.ml
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #