[ale] Linux Distributions

Michael B. Trausch fd0man at gmail.com
Wed May 18 03:29:30 EDT 2005


Jim Popovitch wrote:
>>
>>Which is precisely the reason that the Windows systems on the Internet
>>are the ones that are vunerable and spread vunerabilities.  
> 
> 
> That is incorrect.  There is nothing root or Administrator specific that
> enables the spreading of vulnerabilities.  Can root priviledges help?
> sure.  Are they necessary? no. 
> 

It's a matter of the design of the system.  If you can't get root, from
being a user, then you can't attack as easily, by a LONG SHOT.

Things are MUCH harder to attack that way.  Period.  I didn't say that
it's impossible; you're making that assumption.  I need not tell you
what assuming does.

> 
>>It's not
>>data that people are after, it's the machine itself.  Be it for
>>processing power, storage, whatever, in the world of the personal user,
>>it's not the data that matters.
> 
> That's not necessarily universal either.  It depends on the data and the
> computer itself.  A computer on a dial-up modem is more value for it's
> data.  A laptop in suspend mode is more valuable for it's hardware. ;-)
> 

Users who attack things nowadays, are looking for zombie machines.  They
don't want the data on the machines for the most part; they typically go
after corporate networks if that's what they want.  Again, you're going
further then what I'm saying and making it into a blanket.  Sounds to me
like you're fishing for something else to pull out of what you're making
your assumptions from.

> 
>>In the world of corporations, it's data that they want, and yet they
>>still get to it, many times, because of something they knew that the SA
>>didn't.
>>
>>XP machines should have users, but again, the current releases of
>>Windows are broken enough that you can do *NOTHING* as a user, not even
>>install a program in your own home directory in your profile, as you can
>>in the UNIX world, provided that you get a static binary or a C
>>compiler, and your /home partition is not noexec.
> 
> 
> Show me a CompUSA, BestBuy, etc user that can understand that, yet alone
> do it.   --- 1001 points now. ;-)
> 

There are ways to make the system do it for them, without giving them
root privilege, and if they want to work their way to an "advanced"
user, they can figure the rest out on their own.

> 
>>I've heard that Microsoft is claiming to follow a more Unix-like
>>permissions strategy, however, I've not verified the authenticity of
>>that information myself yet, so I consider it to be a rumor.  However, I
>>think it could be useful.
> 
> 
> Currently XP and Win2K have a much more powerful user permissions
> strategy.  If anything UNIX could gain from Windows in this area.  How
> many users or groups can you give access to your /etc/clearcase
> directory?  What if you already have NIS+ groups for devel, users and
> admins and you don't want to re-create another group with all those
> users in it?  ;-) 
> 

Are you ignoring the ACL functionality that is now present in the
kernel?  Yes, I do believe you are.

	- Mike

-- 
Michael B. Trausch                               <fd0man at gmail.com>
Website: http://fd0man.chadeux.net/     Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934              FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG?  Key at pgp.mit.edu, Please Encrypt E-Mail!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature




More information about the Ale mailing list