Torvalds:requiring root password for mundane things is moronic
Giovanni Campagna
scampa.giovanni at gmail.com
Wed Feb 29 23:51:49 UTC 2012
Il 29 febbraio 2012 23:51, Simo Sorce <simo at redhat.com> ha scritto:
> On Wed, 2012-02-29 at 10:09 -0700, Chris Murphy wrote:
>> On Feb 29, 2012, at 5:15 AM, drago01 wrote:
>>
>> > On Wed, Feb 29, 2012 at 1:02 PM, Neal Becker <ndbecker2 at gmail.com> wrote:
>> >> I think he's got a point
>> >>
>> >> http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_
>> >
>>
>> My example is mDNS being blocked in the Firewall by default *and* it requires a root password to unblocked it. Completely retarded.
>
> Except that mDNS is a real security issue (because you can hijack name
> resolution quite easily with it).
Is it really any worse that real DNS spoofing? I mean, it is as easy
to reply fake data to a unicast DNS request, if I'm on the same subnet
(and thus can pretend to be the DNS server).
The same protections should be used, that is DNSSEC and end-to-end
authentication (SSH, TLS). This still leaves the real mdns area
unprotected, but this is to be expected, and it's just an UI issue
(that could be resolved once network zones land).
Just my 2e-2.
Giovanni
More information about the devel
mailing list