Stewart Stremler wrote:
> A layer that doesn't add much isn't worth the overhead.

Are you telling me that you log into your box as root?

> Do we want 'security in depth'? Why not TWO passwords when logging in?
> That makes it deeper!  And autologout for some short time-period as
> well. That's more secure.  And lock-out-the-account on three failed
> login attempts. That's more secure...

Two layers of the exact same security (passwords) do not buy you
anything. If they can breach one they can probably breach the other.

> The security that comes from a root/non-root distinction on a single-user
> machine is arguably not worth the tradeoff.  At least, not at this time.

But what tradeoff? That they have to enter a root password to use
click-n-run?

> So what's the second step?

There are many more steps. Not running unnecessary services is one you
have already mentioned. Writing secure apps wherever possible (no
gratuitous uses of live data, do not auto-execute things, etc) and so on.

>>than Windows is indeed faint praise. But when you are being compared
>>with Windows it does have to be said.
>
> Why?

Because people often ask "Why is it better than Windows?" that's why.

> We should strive to be good, safe, secure, and usable, not "better than
> them".  It's a worthy goal in and of itself.

Absolutely it is.

> No trojans downloaded by a user-process can run. If I compromise your
> system, I can't drop in my own shell-cum-keylogger into $HOME and exec
> that when you log in.  I can't download my own program to your machine
> to start consuming your CPU cycles, or to get you to be a DDOS zombie,
> etc. -- the most I can do (maybe) is to exploit a _running_ process, 
> which is cleaned up at the next reboot.

In Windows-land it seems that things often get executed without even
being downloaded and saved to disk. Or maybe they are downloaded into a
temporary area somewhere.

> The one advantage of the splatter-files-all-over-the-system approach is
> that you can then apply these sorts of restrictions to the filesystems.
> 
> But we're not keeping that in mind when we build our systems these days.
> If you want security, it seems like that would be one of the first places
> to start.... and if you had such an organization in place, you could then
> *easily* justify 'not-running-as-root'.

These restrictions are a good idea. SE Linux is the place to implement
them. You can also then make exceptions for things like X.

--
Tracy R Reed
http://[EMAIL PROTECTED]
-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list