On Tuesday 19 April 2005 12:37 am, Joshua Penix wrote:
> Tracy R Reed wrote:
> > "hardcore geeks feel differently", why do you think that is? It
> > couldn't be because they've learned a few things about security during
> > the many decades they have been using computers have they?
>
> Hardcore geeks feel differently because they run Linux on servers or run
> multi-user desktop Linux machines where user privileges matter.
>
> Answer his question - on a single-user desktop machine, why is it more
> secure to not run as root?
When you think about the real-world single-user computer case, I at least
come to these conclusions for security:
1) Make it so that you still have to use a login and password to make the
system usable when you're sitting at it. By all means, don't make it easy
for anyone to just sit down and automatically have full access. Set your
screensaver to require a password after 5-10 minutes (or 15, if you're
prone to staring at your screen for quarter-hours without doing anything).
Make it ask for a password instead of going straight to your environment
when you start it up.
2) Run a "personal" firewall on your computer. Block everything inbound
except what you well and truly need (ssh, I'd wager, and the various Samba
ports if you need to share your files/printers with your other home
computers). Everything else will automagically be taken care of by the
stateful and connection-tracking nature of Linux's firewalling system.
Ideally, there'd be an option on a fancy control panel to ask questions
like:
    I would like other computers to be able to reach my computer for:

    [ ] Remote Shell access (SSH)
        ( ) From local network only (my subnet)
        ( ) From any computer
        ( ) From these computers: [list computers here]
        ---------------------
        ( ) Using passwords (normal)
        ( ) Require SSH public keys to be present on my system already (most secure)

    [ ] Windows File/Printer Sharing (SMB)
        ( ) From local network only (my subnet)
        ( ) From any computer
        ( ) From these computers: [list computers here]
I'm no UI expert, but I'm sure everyone will understand what I'm trying to
get at here. Make it REALLY EASY for the system to be installed
secure-by-default and force the user to open things up from there, but make
it really easy on the user to activate the most commonly used services.
3) Protect yourself against Web and Email trojans, worms and virii. We all
know there are a great multitude of ways for this to be done.
Those, really, are the three things that need to be done in terms of a
secure single-user system.
Whether you run as a privileged or unprivileged user on the box is,
really, of no consequence, since any program running as your user id is
going to have full access to anything you care about anyway.
So Robertson has a point.
Multi-user systems, however, are a whole different beast.
Gregory
--
Gregory K. Ruiz-Ade <[EMAIL PROTECTED]>
OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
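The "personal firewall" Gregory sketches in point 2 (block everything inbound except SSH and Samba, let connection tracking handle the rest) can be written down directly. The script below is an added example, not part of the original post or of any kplug-list member's configuration. It assumes a Linux host with iptables and the conntrack match available, takes the local subnet as an argument, and by default only prints the rules (dry run) so they can be reviewed; `--apply` actually loads them and needs root. The port numbers (22 for SSH; 137, 138, 139 and 445 for SMB/NetBIOS) are the standard ones and are the only services opened, and both are restricted to the given subnet, matching the "From local network only" option in the mock-up.

```shell
#!/bin/sh
# Added example: default-deny inbound firewall for a single-user Linux
# desktop, following the mailing-list post's description. Not the
# author's code. Assumes iptables with the conntrack match; the LAN
# subnet (e.g. 192.168.1.0/24) is an assumption supplied by the caller.

# gen_rules LAN_SUBNET -> prints the iptables commands (dry run, no root needed)
gen_rules() {
    lan="${1:?usage: gen_rules LAN_SUBNET}"
    cat <<EOF
# default policies: nothing comes in unless explicitly allowed
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -F INPUT
# loopback is always allowed
iptables -A INPUT -i lo -j ACCEPT
# replies to connections this machine opened come back in via conntrack;
# this is what makes the rest of the ruleset so short
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# SSH, but only from the local subnet
iptables -A INPUT -p tcp --dport 22 -s $lan -m conntrack --ctstate NEW -j ACCEPT
# Windows file/printer sharing (Samba), local subnet only
iptables -A INPUT -p udp -m multiport --dports 137,138 -s $lan -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 139,445 -s $lan -m conntrack --ctstate NEW -j ACCEPT
# everything else inbound is logged (rate-limited) and then hits the DROP policy
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
EOF
}

# apply_rules LAN_SUBNET: load the generated rules (must be run as root)
apply_rules() {
    gen_rules "$1" | sh -e
}

# count_accept_rules LAN_SUBNET: number of explicit ACCEPT rules generated,
# a quick sanity check that nothing beyond lo, conntrack, SSH and SMB is open
count_accept_rules() {
    gen_rules "$1" | grep -c -- '-j ACCEPT'
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules "${2:?LAN subnet required, e.g. 192.168.1.0/24}"
else
    # dry run: print the rules for review
    gen_rules "${1:-192.168.1.0/24}"
fi
```

Run it without arguments to see the rules for the assumed 192.168.1.0/24 subnet; run `sudo sh fw.sh --apply 192.168.1.0/24` to load them. Because the policy is DROP and only NEW connections to the two services are accepted, a service you did not list is unreachable from the network even if it is listening, which is the "secure-by-default, open things up from there" behaviour the post asks for.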
