Root in FC10
fredsilsbee at yahoo.com
Sun Dec 7 02:49:32 UTC 2008
--- On Sun, 12/7/08, R. G. Newbury <newbury at mandamus.org> wrote:
> From: R. G. Newbury <newbury at mandamus.org>
> Subject: Re: Root in FC10
> To: fedora-list at redhat.com
> Date: Sunday, December 7, 2008, 12:50 AM
> > No - GUIs run as root are not as secure. A bug that
> would be caught
> > when running as a user may not be caught when running
> as root.
> A "bug" or a permissions error. Please explain
> how a BUG could or would be treated differently depending on
> the user?
> > The more code you have running as root, the greater
> the chance of
> > running into problems.
> This is illogical and not relevant to the point which you
> are attempting to make. The vast majority of user, including
> myself, do not write the code we run. And the exploit rate
> in code has nothing to do with the amount of code you have
> running. Lots of code is basically impervious to external
> exploit while being run, because it does not talk to or
> interact with the external world.
> If you are referring to the underlying OS, it ALWAYS runs
> as whatever, often as root. A 'root' user
> doesn't to my understanding run 'more' code than
> a user does...and in any event, all of that code is still
> there to be exploited whichever user is running on top of it
> (if that code is capable of being exploited at all).
> Then again, it is a lot easier to shoot
> > yourself in the foot running as root using the GUI.
> How may times
> > have we seen someone on the list that changed
> permissions, or
> > deleted the wrong file, and needs help to get the
> system running again.
> THIS HAS NOTHING TO DO WITH SECURITY. You are just trying
> to play 'nanny'. The saying is: "To err is
> human". We are ALL human. Get over it and stop trying
> to tie people's hands just because you will not be there
> to hold them. AND this has nothing to do with logging in as
> root. Any user, who through ignorance or stupidity (or both)
> changes permissions or deletes the wrong file, is NOT
> interacting with "security" when he does those
> things. He is using the OS, which does *exactly* what he
> tells it to do, whether or not that is what he thought he
> wanted it to do. And the only PROPER response to that, after
> the fact, is to explain what he did (fix the ignorance bit:
> "ignorant" from "does not know") and
> hope that he remembers it (you cannot fix the stupid bit).
> Oh, and say, Don't do that again.
> Sorta like your mother probably did many times when you
> were a child. But it is time to stop playing parent to
> -- fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe:
More information about the users