On 06/02/16 00:18, Hendrik Boom wrote:
On Fri, Feb 05, 2016 at 11:39:15AM +0000, Simon Hobson wrote:

Of course, unless you physically remove support for the virtual
filesystem, then there's nothing to stop any program with enough
privileges to mount the filesystem when it wants.

And that's the problem with the root model of administrative software.
You either have all the privileges to do anything, or none.  There's no
mechanism to be granted just the privileges actually needed.

hence the use of groups for specific purposes, with group ownership of certain things ... but the core idea that the person who buys the gear is not ultimately locked out of anything means that they cannot be protected from themselves if they really insist ... that is as it should be. But they should be warned, and not have nasty traps placed in front of them ... especially very nasty traps.

This shifts significantly if the owner of the gear wants to leave it physically in the hands of a user they do not trust, then locking it down is reasonable.

Simon
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng