[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

















 "http://www.w3.org/TR/html4/loose.dtd">

<li>date: Wed May 18 12:43:31 2005</li>
<li>from: jimpop at yahoo.com (Jim Popovitch)</li>
<li>in-reply-to: <<a href="msg00552.html">[email protected]</a>></li>
<li>references: <<a href="msg00313.html">[email protected]</a>> <<a href="msg00346.html">[email protected]</a>> <<a href="msg00348.html">[email protected]</a>> <<a href="msg00350.html">[email protected]</a>> <<a href="msg00351.html">[email protected]</a>> <[email protected]> <<a href="msg00361.html">[email protected]</a>> <[email protected]> <<a href="msg00378.html">[email protected]</a>> <[email protected]> <<a href="msg00411.html">[email protected]</a>> <[email protected]> <<a href="msg00552.html">[email protected]</a>></li>
<li>subject: [ale] Linux Distributions</li>

Good points.  To me though, the risk is greater to my data than
to /bin.  /bin can be rebuild in 10 mins, /home can't.  (On a single
user system, the only thing in /home is the user directory)  So, while I
agree with your premise that privilege separation, selinux, ACLs, etc
all add to integrity, I think they only do to a minor point in the grand
scheme of things.  Privilege separation, selinux, ACLs, etc., don't
protect /home/jimpop, the area that is important to me (and presumably
normal Desktop users)

&gt; I'm explicitly trusting the hardware - kernel - init - libc - login
&gt; - PAM - shell chain, and limiting my exposure by not fully trusting the 
&gt; rest of what I run. You, however, don't do that. You implicitly fully 
&gt; trust all your software. When the software you use is buggy, you're more 
&gt; exposed to the potential results of those bugs. That's your choice. I 
&gt; don't agree that it's justifiable, but then it's your desktop.

First, I don't run as root and have never stated that I have.  The point 
of my involvement in this tread was to question the reasons behind a 20
year &quot;wives tale&quot; and to get at the root of the reason(s).  To say that 
all systems everywhere should have a minimum of 2 accounts (one privileged
and one not) is too broad a brush for me to paint with.

I don't blindly trust the software I use.  There is not practical way to trust
everything in a Linux install.  I do trust the distributor, and I trust
their security updates (to some extent).  However, this issue is really not 
relevant to a non-root install (at least for me) as the critical part of
my laptop system is not /bin, it is /home.  Anything in /home/jimpop can be
destroyed by any application I run.   So, application trust is necessary 
unless I personally take the time to test and verify all the applications 
I use.

-Jim P.


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00313" href="msg00313.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> meson3902 at gmail.com (Mark Schill)</li></ul></li>
<li><strong><a name="00346" href="msg00346.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> james.sumners at gmail.com (James Sumners)</li></ul></li>
<li><strong><a name="00348" href="msg00348.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jsheets at yahoo.com (Jerald Sheets)</li></ul></li>
<li><strong><a name="00350" href="msg00350.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> groups at ChangingLINKS.com (ChangingLINKS.com)</li></ul></li>
<li><strong><a name="00351" href="msg00351.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> Robert.L.Harris at rdlg.net (Robert L. Harris)</li></ul></li>
<li><strong><a name="00359" href="msg00359.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00361" href="msg00361.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> kafka at antichri.st (George Carless)</li></ul></li>
<li><strong><a name="00368" href="msg00368.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00378" href="msg00378.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> kaboom at oobleck.net (Chris Ricker)</li></ul></li>
<li><strong><a name="00387" href="msg00387.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00411" href="msg00411.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> kaboom at oobleck.net (Chris Ricker)</li></ul></li>
<li><strong><a name="00422" href="msg00422.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00552" href="msg00552.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> kaboom at oobleck.net (Chris Ricker)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00565.html">[ale] Linux Distributions</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00567.html">[ale] delay from postings via gmail</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00552.html">[ale] Linux Distributions</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00472.html">[ale] Linux Distributions</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00566"><strong>Date</strong></a></li>
<li><a href="threads.html#00566"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>

Prev by Date: [no subject]
Next by Date: [no subject]
Previous by thread: [no subject]
Next by thread: [no subject]
Index(es):
- Date
- Thread