Spreading false information around pure bs. Without root authority any hacked executable will not have the authority to do an damage. You think you understand Unix but clearly you don't. The Unix OS will control the maliciousness, contain it. It was DESIGNED that way.
unprotected /dev/sda physical device.
What? How is that going to affect anything but that device? /dev is owned by root.
unprotected /dev/sda physical device
What? How is that going to affect anything but that device? /dev is owned by root.
If /dev/sda is inadvertently left writable then a hacker can directly modify the physical disk sectors of the disk. He can inspect the raw inode table to locate and then change the sectors containing /vmlinuz (or any other logical file) and modify said file with impunity, completely bypassing the security model of the file system.
Basically the 'root' security model is like a balloon. The tiniest pin-prick and it pops. The root model is Class D (with ACLs it might be a low C1).
Real security begins with a honeycombed compartmental model - basically sandboxes - so a screwup in one cell doesn't compromise the whole system. For example Internet Explorer runs in the 'Low' sandbox. For even stronger security you impose mandatory identification labels on principals and objects and use a formal methodology. On that score Vista/Win7 is roughly class B1 and is nearly B2. (Class A1 requires a mathematically verified formal design such as the Type Enforcement model.)
I'm formerly the Principal Computer Scientist at Secure Computing Corporation (SCC) where I worked on classified DoD contracts and helped design a more-or-less Class A1 OS (Sidewinder), and later co-designed the first firewall for Microsoft Windows. So I do know a little something about computer security.
The only 'bs' being flung around is coming from you.