On Sat, Jun 14, 2008 at 4:25 AM, arne anka <[EMAIL PROTECTED]> wrote: >> will tell you that having those kind of permissions systems when the >> INTRUDER has physical access to the device is next to pointless. > > the om is connected via wlan or bluetooth -- thus allowing hacking into it > (if it is not posiible right now it will some day). > thus the user does not necessarily notice if there's an intruder. > second: what ways to boot the om _without_ destroying all data? if you > need to hack the password for the root account to be able to manipulate > existing data, there's another fence to jump. > > >> What benefit does havign things like OPKG SUID give us that having >> opkg run as root doesn't? > > only opkg is run, not everything possible. > logging in as root opens a world of ways to harm your data, either by > accident or deliberately. > expoliting suid requires a bug in the program suid'd. > > >> User "John" running sudo rm -rf /* is better than root running "rm -rf >> /*" because...? > > see above. > you can configure which commands/programs may be run with sudo. > and user john is not every user -- a user able to run sudo needs to belong > to a specific group, configurable as well. > >> If you want security, unprivaledges users must NOT >> EVER be able to run privaledged commands. > > see above. > >> have various roles. This assumption doesn't exactly hold when the >> entire filesystem is small enough to be put in one's pocket. > > the om represents a device more powerfull than the computer linux was > developed on. > > i am not sure i understand you correctly, but for me it sounds like you > saying user/group separation is meaningfull for servers only (and only > because physical access can be prevented), for end user computers, laptops > specifically, it is a waste. > if so, you are pretty much alone with this understanding. > > what bothers me: as far as i understand the vast majority of applications > is ported from existing linux distributions or just recompiled -- so, why > would one disable the user/group principle the apps obey on their native > platform? > ubuntu for one works rather well with that wheel/sudo way and even on > non-ubuntu systems users are able "to run a lot of root applications such > as rdate, power off, opkg, etc." w/o beeing root all the time. > > _______________________________________________ > Openmoko community mailing list > community@lists.openmoko.org > http://lists.openmoko.org/mailman/listinfo/community >
_______________________________________________ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community