[ale] Linux Distributions

Michael B. Trausch fd0man at gmail.com
Wed May 18 15:32:16 EDT 2005


ChangingLINKS.com wrote:
> 
> "Sliding slope" argument. Period. We don't have 33% market LET alone
> the majority. Further, you OVERLOOKED many things that could make the
> system secure despite it being run as root. For example, you imply
> that there would be no strict firewall by default. You are only able
> to look at the FALSE hypothetical situation with current technology
> that happens to run in your house.
> 
> Thankfully, you are NOT my admin. Shame.
> 

I've already outlined why running as root is bad, period.  You clearly
have ignored all of the points that I made that show that I have not
overlooked the things that could, in your world, make the system secure.

The strong point to a system such as UNIX, which is way older than I am,
I might add, is the fact that it has clear divisions between users, and
between a super user.  While I'm not as educated on other UNIX systems,
as I am on Linux (and that is a problem that I've been slowly working to
remedy, since I'm in a workplace that uses other systems), I know that
there are reasons that they are there.  And I'm not a person that
blindly follows with what others before me have resolved as truth; I
like to question pretty much everything.

In the end, it's better to only use root, simply because of the
protections that are in place with root versus not root.  Could there be
more efficient ways to delegate privilege on an as-needed basis?  Sure.
Are the ways that are available, fairly effective?  Yes, they are.

I again point to the argument of malware and the like.  It's an issue
that plagues Win32 based systems because of the permissions scheme.
Users can't make themselves a regular user and get away with it,
because it cripples the system.  America Online, at least as of versions
8.0 and 9.0, cannot run at all as a regular user in the "Users" group
on Windows, it must be run from a group in the "Administrators" group.
That's something that I found quite disturbing, honestly.

While a similar (and more strict) permissions system exists on Windows,
99% of the world, including corporations, bypass it completely because
it's pretty well impossible to manage.  There are times that when things
go wrong on a Windows system, you can't fix the problem, even when it's
a simple problem, without getting them to have privileges on it, if
they're not running as a privileged user.  Windows applications are
poorly designed in that they need Administrative privilege for
*everything*, even just changing what version of Java is associated with
what browsers for a particular user.

I look forward to the day that you can fix these problems without
needing Administrative permissions on a Windows box.  At least then, you
don't have to worry about viruses and malware attempting to get directly
into the system directory and corrupting and altering things there.  And
that's exactly the type of thing that doesn't need to be done in Linux.
In Linux, you can be more sneaky about things, if you really want to,
because you can replace /bin/ls to send data back, if you're a user that
can remount / read-write, write a new /bin/ls, and chattr +i to it, and
your typical user is never going to know.

I cannot see any reason why it's even close to justifiable to run as
root, in any scenario, and especially in an end-user desktop
environment.  It will be a sad day if that's something that winds up
coming to be on the desktop.  And you know that what follows will be
lots of trash talk about how bad Linux is, and Microsoft will be a
happy, dancing corporation, because they won't blame it on people
running with an effective UID of 0, they'll blame it on the shortcomings
of the system and make it look so horrible that they'll have their day
back on the desktop yet again.

It could happen; Microsoft can remain a 100% solvent company for nearly
a decade without falling apart, which could be long enough to see what
it'd be like with Linux on the desktop.

	- Mike

-- 
Michael B. Trausch                               <fd0man at gmail.com>
Website: http://fd0man.chadeux.net/     Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934              FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG?  Key at pgp.mit.edu, Please Encrypt E-Mail!
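
The message above mentions a replaced /bin/ls that is then locked with chattr +i. As an added example (not part of the original post), this script lists files in system binary directories that carry the immutable attribute, so an administrator can review them. The function names and the sample lsattr lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report files that carry the immutable attribute
# (set with "chattr +i") so they can be reviewed by an administrator.
# Usage: sh immutable_check.sh /bin /sbin /usr/bin /usr/sbin

# Read `lsattr` output on stdin, one "<flags> <path>" entry per line,
# and print the path of every entry whose flag field contains a
# lowercase "i" (immutable). Uppercase "I" (indexed directory) is a
# different attribute and is not reported.
immutable_from_lsattr() {
    while read -r flags path; do
        [ -n "$path" ] || continue      # skip blank or malformed lines
        case $flags in
            *i*) printf '%s\n' "$path" ;;
        esac
    done
}

# Run lsattr over each existing directory argument and report hits.
# Errors (unsupported filesystem, permission denied) are discarded.
scan_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        lsattr "$dir" 2>/dev/null || true
    done | immutable_from_lsattr
}

# Constructed sample of lsattr output, used to show the parsing offline.
sample_lsattr() {
cat <<'EOF'
--------------e------- /bin/cat
----i---------e------- /bin/ls
-----a--------e------- /var/log/secure
--------------eI------ /usr/lib
EOF
}

# Scan only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
fi
```

An immutable flag is not proof of tampering on its own; each reported file still has to be compared against the checksums recorded by the distribution's package manager.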
