[ale] Linux Distributions

Jim Popovitch jimpop at yahoo.com
Tue May 17 23:09:35 EDT 2005


On Tue, 2005-05-17 at 21:43 -0400, Michael B. Trausch wrote:
> The point is that if you're running as root, you're effectively making
> it that much easier to replace binaries.  That's the point.  That's the
> security-smart reasoning behind it.  You're then bypassing any sort of
> protection that is there to help you as an SA keep it intact and reduce
> your workload later.  init, runs getty, and it's own scripts, protect
> them, and you're more secure then just running as root.

If that is it, and only it, then it is a weak reason to require a second
priviledged user account just to protect binaries.  Mount things ro, or
chattr, (something like MS System Restore), etc., but a second
credentialed account (root) seems like a more vulnerable solution and
one with a false sense of security. 

-Jim P.



More information about the Ale mailing list