Stewart Stremler said:
> What, the user has thrown the machine away?
>
> Security is a tradeoff.
And users aren't interested in security at all, because it always
interferes with getting what they want to do. So the argument is moot.
Give them no security and they will be happy. Their data will be
compromised or lost, but they will be able to do anything they want.
> The security that comes from a root/non-root distinction on a
> single-user
> machine is arguably not worth the tradeoff. At least, not at this
> time.
>From the user's point of view, no security is worth the tradeoff, so
arguing about it is useless.
>
> So what's the second step?
>
> What sort of things does the root/non-root distinction let us do that
> enhances security of the user's data?
>
>> than Windows is indeed faint praise. But when you are being compared
>> with Windows it does have to be said.
>
> Why?
>
> We should strive to be good, safe, secure, and usable, not "better
> than
> them". It's a worthy goal in and of itself.
I notice a trend here. You attack others defense of not running as
root, however I've not seen you make any serious suggestions about a
better alternative. You disparage se-linux, because you think it's too
difficult to set up an use, but again, you don't propose an
alternative. Are you just being argumentative, or do you have some
constructive contribution to make?
> No trojans downloaded by a user-process can run. If I compromise your
> system, I can't drop in my own shell-cum-keylogger into $HOME and exec
> that when you log in. I can't download my own program to your machine
> to start consuming your CPU cycles, or to get you to be a DDOS zombie,
> etc. -- the most I can do (maybe) is to exploit a _running_ process,
> which is cleaned up at the next reboot.
>
> It apparently breaks X, however.... :(
And is therefore more impractical than using se-linux.
--
Neil Schneider pacneil_at_linuxgeek_dot_net
http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B 8209 32D7 1DB1 8460 C47D
Sometimes I wonder whether the world is being run by smart people who
are putting us on, or by imbeciles who really mean it - Mark Twain
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
