On Mon, Apr 18, 2005 at 11:55:03PM -0700, Stewart Stremler wrote: > begin quoting Todd Walton as of Mon, Apr 18, 2005 at 10:59:04PM -0700: > > "I defy anybody to tell me why is it more secure to not run as root. > > Nobody really has a good answer. They say "oh, yeah, it is!", but it > > really isn't." > > > > That's what he said. He said that running without root privileges is > > not more secure than running with them. > > /. picked up this article, and despite a lot of heat and noise, nobody > _has_ provided a good answer (as of when I read the comments), at least > for a single-user (i.e. home) box. >
My understanding is that the real danger is that root can make a mistake and hose the box. That's a different matter. > And nobody has even pointed out that if I can compromise your user account > on your single-user machine, I can also (eventually) gain root. > Without physical access to the console? How? -- Lan Barnes [EMAIL PROTECTED] Linux Guy, SCM Specialist 858-354-0616 -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
