[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

Jason Day jasonday at worldnet.att.net
Thu May 19 13:46:33 EDT 2005


On Wed, May 18, 2005 at 08:19:11PM -0400, Jim Popovitch wrote:
> On Wed, 2005-05-18 at 19:10 -0400, Michael B. Trausch wrote:
> >
> > You completely ignored the "if not root, software is harder to install
> > and viruses which attack the OS are harder to catch and such things are
> > harder to propagate".
> 
> I didn't completely ignore it, I just don't think it is relevant.  If a
> virus can "attack" anything in /home/user that is already a much worse
> situation.  If something "owns" /bin/ls I've already got worse problems.
> The fact that the virus could make it to /home/user (where user UID=0 or
> UID=10001) is the problem to solve, not saving the rest of the (already)
> sinking ship at that point.

This is the point I've tried to make over and over that you completely
miss.  Your argument is that to the user, the data is the only thing
that matters.  My argument is that the user has (or, in reality, should
have) an obligation as a "net citizen" to properly secure their box and
prevent the spread of malware.

In your view, a user can become infected with malware that turns their
box into a spam relay, a drone in a distributed botnet, a repository for
illegal porn or software, but as long as the user's home directory is
untouched none of that matters.  Users can remain blissfully unaware of
how their computers are used for nefarious purposes, because their data
is left alone.

> > This is also fact.
> 
> Yes, but not one that applies.

Finally, you admit that the spread of malware is made more difficult as
non-root.  At least that's something.  I would argue that it does apply,
for the reasons I gave above.  Since you don't seem to care what your
computer does, or how it is used, as long as your home directory is left
alone, can I have an account on your box? ;-)

Jason
-- 
Jason Day                                       jasonday at
http://jasonday.home.att.net                    worldnet dot att dot net
 
"Of course I'm paranoid, everyone is trying to kill me."
    -- Weyoun-6, Star Trek: Deep Space 9


