On Wed, 2003-04-30 at 12:09, Xavier Bestel wrote:
> True, but nowadays PCs are just that: Personal Computers, and if a
> hacker/trojan/virus breaks in, the only important thing on the disk is
> the (only) user's data. He won't care about the system 'cause he can
> reinstall it from scratch if need be. And no, 99% of them won't have
> fresh backups handy.
> To these users, root/user separation is just a band-aid to not hose the
> system by accident, nothing more.
Not quite. A hacker owning your account could at most do something like 'rm -rf ~/*'. This is really bad, but you could at least have something like an unerase mechanism in place at the filesystem level (whether such a thing is currently available for the existing Linux filesystems is another story, but I guess my argument still holds). If the hacker has root access he can do a 'dd if=/dev/random of=/dev/hda', and then there's no unerase that helps.

It is still useful to have many levels of security, even if only one person has an interest in the data stored on the machine. Some of the most advanced security approaches for Linux (see for example LIDS, http://www.lids.org) actually add a security level *over root*, that is, there are operations that even root cannot do, and that can only be performed by following a special authentication procedure, normally possible only directly at the console. Using such a thing to protect actions like overwriting your hard disk or erasing your log files is reasonable.

Along the same line of thinking, it is also reasonable to keep the separation between root and normal users, even if there's only one user, and even if that user happens to also be root.

Regards,

M. S.

-- 
Martin Soto <[EMAIL PROTECTED]>
Universität Kaiserslautern - AG Software Engineering

