I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.

I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.

I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.

This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?

  • dbx12@programming.dev
    11 months ago

    Without any judgement: why are your servers running X11? Just because you dislike SSH’ing to them?

    • Marxism-Fennekinism@lemmy.mlOP
      11 months ago

      Mainly that. I want to be able to have multiple terminal windows open and have them stay open independent of my main PC. Part of the reason I have a file server instead of plugging all the drives into my PC is so I can offload processor heavy operations onto it (namely making archives and compressing files for long term storage) so I don’t have to use my PC for that.

      People have mentioned programs like screen but IMO it’s way more annoying to juggle multiple terminals with it than if they were just windows, and also screen doesn’t scroll so whatever goes beyond the top edge is just inaccessible which I find really annoying. I’ve also been screwed by mistyped file operations on the terminal before (deleting stuff I didn’t mean to mainly) and I just find it safer to use a GUI file manager where it’s a lot harder to subtly mess something up and not notice until it’s too late.

      • Hexarei@programming.dev
        11 months ago

        screen doesn’t scroll

        Screen (and any other muxer) can scroll just fine. You just have to learn how to do it in each one. Tmux, for example, is ctrl+b [ to enter scroll mode.

        mistyped file operations

        Get a good TUI file manager. I use and recommend ranger.

        • tslnox@reddthat.com
          11 months ago

          Screen uses Ctrl-a Esc (you press Ctrl+a, release them and then tap Esc, then you can scroll with arrows or pgup/pgdown)

      • blobjim [he/him]@hexbear.net
        11 months ago

        tmux has long been the better replacement to screen. SFTP makes it so you can use desktop software for file system operations.