Torvalds:requiring root password for mundane things is moronic
Simo Sorce
simo at redhat.com
Thu Mar 1 03:38:54 UTC 2012
On Thu, 2012-03-01 at 00:51 +0100, Giovanni Campagna wrote:
> Il 29 febbraio 2012 23:51, Simo Sorce <simo at redhat.com> ha scritto:
> > On Wed, 2012-02-29 at 10:09 -0700, Chris Murphy wrote:
> >> On Feb 29, 2012, at 5:15 AM, drago01 wrote:
> >>
> >> > On Wed, Feb 29, 2012 at 1:02 PM, Neal Becker <ndbecker2 at gmail.com> wrote:
> >> >> I think he's got a point
> >> >>
> >> >> http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_
> >> >
> >>
> >> My example is mDNS being blocked in the Firewall by default *and* it requires a root password to unblocked it. Completely retarded.
> >
> > Except that mDNS is a real security issue (because you can hijack name
> > resolution quite easily with it).
>
> Is it really any worse that real DNS spoofing? I mean, it is as easy
> to reply fake data to a unicast DNS request, if I'm on the same subnet
> (and thus can pretend to be the DNS server).
> The same protections should be used, that is DNSSEC and end-to-end
> authentication (SSH, TLS). This still leaves the real mdns area
> unprotected, but this is to be expected, and it's just an UI issue
> (that could be resolved once network zones land).
I am a big fan of network zones, it simplifies the concept for naive
users in a way that makes it usable.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the devel
mailing list