[ale] Linux Distributions
Michael B. Trausch
fd0man at gmail.com
Wed May 18 15:54:29 EDT 2005
Jim Popovitch wrote:
>
> That seems to be one of the most ardent reasons for having an
> unprivileged user account. And it is a valid one. I would add
> though that the chief reason Windows doesn't have this problem is
> that access controls are set accordingly out of the box (seriously,
> why should anything in /bin ever have w perms?) AND Windows allows
> you to undelete things that were mistakenly deleted.
>
> If a user is smart enough to not "rm -rf /", and is comfortable
> enough to not need to undel something in /bin, or the system has the
> proper permissions, ACLS, etc., then it seems safe to run as root in
> this regard. The "rm -rf /" issue is not a consequence of using
> root, it's a consequence of the application (rm) not verifying and/or
> not allowing undelete. Now, if I wanted to troll I would add that
> you can blame the underlying OS for not protecting system binaries.
> But I won't. ;-)
>
The OS has protections in place that make the additional bloat of which
you speak, unnecessary.
Windows doesn't protect it's files as diligently as you might think,
either. I wouldn't rely on it's internal functionality as far as I
could throw a mainframe server. I've personally seen it fail a great
deal, as well as it's much-famed "System Restore" functionality. Hell,
the machine I currently am forced to use can't even be bothered to run
'autochk' successfully at startup. It appears that it tries to run
after Windows has granted exclusive access to the system drive to
itself. *shrugs* How smart is *that*?
I still have yet to see a Linux system fail to run fsck successfully on
startup, unlessed the filesystem was "fscked". :-P
The point is that running without root access is something that enables
you to have a clear division of protections that isn't exactly easy to
surpass in a properly configured system.
And yet, if you really want to be that stupid, the system gives you the
choice to do so.
But it would make me cringe to see every user running as root all of the
time. That would keep the Internet open to the attacks that it's been
subject to since Windows became a clear player on the Internet.
- Mike
--
Michael B. Trausch <fd0man at gmail.com>
Website: http://fd0man.chadeux.net/ Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934 FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG? Key at pgp.mit.edu, Please Encrypt E-Mail!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
More information about the Ale
mailing list