begin quoting John H. Robinson, IV as of Tue, Apr 19, 2005 at 10:18:12AM -0700:
> Stewart Stremler wrote:
> > begin quoting Tracy R Reed as of Tue, Apr 19, 2005 at 03:51:48PM +0700:
> > > I think even single users would like to prevent having their operating
> > > systems files trojaned. They may not realize it but if they really
> > > understood the issue they would. They pay Lindows to handle these
> > > details for them. I think Lindows is letting them down.
> >
> > I don't think the 'average' single user _cares_. The point is that
> > their *data* is what's important, not the OS. Not the applications.
> > All that can be recreated. What can't be (easily) recreated is their
> > data.
>
> One nice little trojaned system application, and all your data now
> belongs to me. You will never know. For I am root, and I 0wn j00 b0x.

Run _any_ untrusted code on a single-user box, and all the data is
compromised. Full stop. Root is not required, as there's just one home
directory and the running malicious process has access to that.

> This is why you should not have everything as root.

On a multi-user system, yes. I'm artificially limiting it to a
single-user situation.

> Not only do you want to protect the integrity of your data (trojaned
> system apps can destroy that too! As well as buggy, but the buggy ones
> will get fixed as bugs are noticed. Who is watching for trojans?), but
> you want to protect who gets that data.

Again, that's a valid and useful argument for a multi-user system. But
not for a single-user system.

> Yes, I know, running as non-root does not protect against all vectors of
> data leakage. Why give more opportunities than you need to? Security in
> depth.

That's a niche catch-phrase, but it isn't a very good argument. The
root/non-root distinction on a single-user box isn't "security in depth".
It's "an obstacle to the user", which, as we see, is being subverted in
the name of convenience -- as expected.

What does the root/non-root distinction _give_ me on a single-user box?
The claim is that it doesn't add anything to security. The counter-claim
is that it adds 'security in depth'. The only argument I've seen thus far
that has held any water was for dual-boot systems.

> Also, turn off all your services. Even ssh.

Yup. For a single-user system, NO SERVICES should be the rule. Don't run
'em, block incoming connection requests, etc.

-Stewart "My FTP doesn't work!" Stremler
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
