[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]













 "http://www.w3.org/TR/html4/loose.dtd">

<li>date: Tue May 17 15:07:38 2005</li>
<li>from: jimpop at yahoo.com (Jim Popovitch)</li>
<li>in-reply-to: <<a href="msg00377.html">[email protected]</a>></li>
<li>references: <<a href="msg00313.html">[email protected]</a>> <<a href="msg00346.html">[email protected]</a>> <<a href="msg00348.html">[email protected]</a>> <<a href="msg00350.html">[email protected]</a>> <<a href="msg00351.html">[email protected]</a>> <[email protected]> <<a href="msg00361.html">[email protected]</a>> <[email protected]> <<a href="msg00377.html">[email protected]</a>></li>
<li>subject: [ale] Linux Distributions</li>

BUT, if the user has the capabilities to do those &quot;unrestricted&quot; things
(one could argue that formatting a drive or loading modules is
unrestricted), then any application the user runs can do those same
things.  So, in sort if the user doesn't have permissions to do
anything, the apps they run are restricted.

&gt; &gt; 
&gt; &gt; &gt; Unless you're going to spend the time with a fine-tooth comb 
&gt; &gt; &gt; to audit every piece of software that you run,
&gt; &gt; 
&gt; &gt; No need to audit software that you trust.  The fine tooth comb is needed
&gt; &gt; to set EVERYTHING up for a normal user to have access to gratuitous
&gt; &gt; system resources needed by everyday apps (iPODs, dvd burners, video
&gt; &gt; games, advanced sound card features (midi, etc).
&gt; 
&gt; First, I've not generally found that it IS necessary to open much up for 
&gt; a 'normal user': 

I personally don't think you are doing much on your PC then.  ;-)

&gt; most things--in fact, more things than you might 
&gt; expect--can easily be coaxed 

BINGO!  &quot;coaxed&quot; is the key.  Why bother coaxing a thousand things for a
user account, thereby opening those things up to other applications the
user runs.

&gt; [snip]  Let's say that you're browsing the 
&gt; Web, as root, and your &quot;trusted&quot; Web browser has bugs in it.  Let's say 
&gt; that some malicious person manipulates those bugs to wipe out your files 
&gt; - result as a regular user: nothing too bad.  Results as root: oh-oh.

If everything on the PC is specific to that one user (root or
otherwise), then there is no worse harm running the buggy app as root or
user xyz.  In fact a good argument can be made that you are introducing
a false sense of security by what you say above.  Do you REALLY know
what that buggy app just did?

-Jim P.








</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00396" href="msg00396.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> kafka at antichri.st (George Carless)</li></ul></li>
<li><strong><a name="00471" href="msg00471.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> fd0man at gmail.com (Michael B. Trausch)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00313" href="msg00313.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> meson3902 at gmail.com (Mark Schill)</li></ul></li>
<li><strong><a name="00346" href="msg00346.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> james.sumners at gmail.com (James Sumners)</li></ul></li>
<li><strong><a name="00348" href="msg00348.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jsheets at yahoo.com (Jerald Sheets)</li></ul></li>
<li><strong><a name="00350" href="msg00350.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> groups at ChangingLINKS.com (ChangingLINKS.com)</li></ul></li>
<li><strong><a name="00351" href="msg00351.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> Robert.L.Harris at rdlg.net (Robert L. Harris)</li></ul></li>
<li><strong><a name="00359" href="msg00359.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00361" href="msg00361.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> kafka at antichri.st (George Carless)</li></ul></li>
<li><strong><a name="00368" href="msg00368.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00377" href="msg00377.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> kafka at antichri.st (George Carless)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00385.html">[ale] Linux Distributions</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00387.html">[ale] Linux Distributions</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00377.html">[ale] Linux Distributions</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00396.html">[ale] Linux Distributions</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00386"><strong>Date</strong></a></li>
<li><a href="threads.html#00386"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>

Prev by Date: [no subject]
Next by Date: [no subject]
Previous by thread: [no subject]
Next by thread: [no subject]
Index(es):
- Date
- Thread