[ale] Linux Distributions
Jim Popovitch
jimpop at yahoo.com
Tue May 17 23:09:35 EDT 2005
On Tue, 2005-05-17 at 21:43 -0400, Michael B. Trausch wrote:
> The point is that if you're running as root, you're effectively making
> it that much easier to replace binaries. That's the point. That's the
> security-smart reasoning behind it. You're then bypassing any sort of
> protection that is there to help you as an SA keep it intact and reduce
> your workload later. init, runs getty, and it's own scripts, protect
> them, and you're more secure then just running as root.
If that is it, and only it, then it is a weak reason to require a second
priviledged user account just to protect binaries. Mount things ro, or
chattr, (something like MS System Restore), etc., but a second
credentialed account (root) seems like a more vulnerable solution and
one with a false sense of security.
-Jim P.
More information about the Ale
mailing list