Getting people to say nice things about Microsoft (Linspire repo)

Todd Zullinger tmz at pobox.com
Thu Jan 25 16:32:13 UTC 2007


Les Mikesell wrote:
> And meanwhile you are so much better off just deleting your own
> files...   I'm sure you'll be thrilled that the OS is still intact
> and running after that happens.   While I agree that this is a 'best
> practices' thing and probably worthwhile in a multiuser scenario,
> I'm not sure its worth the extra effort when the user you normally
> run as has write access to everything that can't easily be
> reinstalled anyway.

One important benefit of running with limited privileges even on a
single user system is that it thwarts attacks that aim to usurp system
binaries and settings to further spread and damage other systems or to
secretly steal your data without your knowledge.

While it would suck to lose your files to an attack, it would suck
even more to have the attack surreptitiously install a key-logger that
stole all of your passwords while you surfed, or used your system to
attack others.

Running with the least privilege required to do your work makes plenty
of sense even in a single user scenario.  Just because it doesn't
prevent the one attack you outlined doesn't make it useless.

I also think that many folks overestimate how much extra effort is
required to run as a non-root user.  So you are asked for an admin
password every so often if you're configuring your system.  Big deal.
If you spend all day every day configuring your system, then you
should be savvy enough to use sudo from the command line or slick
enough to run as root all the time and work out the kinks in those
uncharted waters.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
Nothing in education is so astonishing as the amount of ignorance it
accumulates in the form of inert facts.  --Henry Brooks Adams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20070125/c3b26023/attachment-0002.bin 


More information about the users mailing list