begin quoting Neil Schneider as of Tue, Apr 19, 2005 at 06:44:25PM -0700:
> Stewart Stremler said:
[snip]
> > But that's just calling names, and it fails to address his basic
> > point.
>
> I wasn't trying to address his point, only to say I wouldn't be a
> member of any club he belongs to.
Introducing that in this discussion doesn't really seem appropriate,
then. It doesn't matter if I wouldn't stay in the same room as him;
if he's right, he's still right. Personal feelings don't have much
bearing, although they might serve as a good indicator of duplicity.
> > I don't think that's "don't care a thing". I think that's just a
> > matter of the inexperienced not understanding the ramifications of
> > the problem.
>
> NO, They don't care. They're only interested in what they can do with
> the computer, not whether it's secure. I deal with end users on a
> daily basis and believe me, they don't care. I told a CFO some years
> ago to get a radio, because he insisted he wanted me to open ingres
> ports on a firewall to allow him to listen on the web. He should have
> known better, but he didn't care. He just wanted what he wanted and
> security wasn't even in the equation.
"You security-minded types will figure it out." is what I've been told.
By more than one person. Including scary-smart people. But I keep
telling myself it's that they haven't thought it through...
[snip]
> > I've been ranting about some cavalier attitudes for years, to no
> > avail.
>
> Yet you seem to be supporting Michael's cavalier attitude.
His point hasn't been adequately refuted, although people keep claiming
otherwise. I don't want my side to be the one with spurious and empty
arguments. Better just one or two solid arguments rather than a ton of
worthless ones. And better to dispose of the worthless arguments before
they get trotted out to slaughter.
> > If they can compromise my system as root, they can compromise my
> > system as a regular user. I'm screwed both ways.
>
> No, that's the point. They can't because the user who they're sending
> programs to doesn't have permissions to run them. They'll send all
Come again?
Are we back to making /home noexec?
> kinds of crap through IRC and AIM to your computer. If you don't have
> the permission to install and run the code, you can't be compromised
> by it. Root has no such restrictions.
I still have to chmod +x a program before I can run it, even if I'm root.
> It's been a long standing rule
> on IRC that you don't IRC as root. Wonder why that is?
Appeals to authority don't give a plausible scenario as to how remote
agents can send programs to be run as root but not as user.
I still don't understand the mechanism that allows a remote user to
run a program on my machine if I'm root but not if I'm a normal user.
Google wasn't helpful. (Yes, I've been looking.)
[snip - challenge]
> I doubt seriously he'd accept the challenge. Since I can't stand him,
> I'll not invite him. Someone else is welcome to.
Heh.
[snip]
> > The argument seems to be _HOW_ is it less safe?
> >
> > A lot of people confuse multi-user system constraints with single-user
> > system constraints.
>
> Linux is a multi-user system. I don't care if there's only one user
> logged in it doesn't change it into a single user system. Linux single
> is single user. No network, no X, no multi-user. Sounds like a secure
> Linux system to me! :-)
Yup. But you /can/ spin up whichever of those you desire...
I seem to remember -- but I don't know if it's true -- talk about some
of the old big-iron systems having different kernels for single-user
versus multi-user. THAT would be a "true multiuser" system.
Linux uses the same kernel, does it not? So single-user isn't that much
different from multi-user -- it's just what you *choose* to start.
> > With just one user, the user's home directory is the most important
> > thing. That data is what must be protected.
>
> Login in single user mode then.
That's what he's doing, no? He has a single-user "linux" box.
[snip]
> > If it does, that's a separate issue, as it's no longer a single-user
> > machine, but a server.
>
> If it logs you in anything but runlevel 1 it's multi-user.
No, if it has more than one user, it's multi-user.
[snip]
> > Argue against the argument, not the person.
>
> Since the standard reasons for not being root seem to be unacceptable,
> then the argument is lost, before it's begun. I'll not participate.
Not unacceptable, but inappropriate for the specified scenario.
The standard reasons for not being root apply to multi-user systems.
Single-user no-services systems are arguably not multi-user systems.
Use, not architecture, determines whether a system is multi-user or not.
[snip]
> > Really? Which distros?
>
> All the servers on my SuSE systems run as separate users AFAIK. Only
I wasn't talking about 'run', but 'owned'. If you use "ls -l" on a
file installed by gimp, is it owned by 'gimp'?
> things running as root seem to be system services that need to.
> Everything else seems to be running under its own user. I didn't set
> it up that way, though it's usually my choice, it's the default in
> SuSE and I think it is in Fedora too, though to be honest I've not run
> a Fedora system myself.
I've not looked at SuSE lately. Perhaps I'll have to check it out.
> > You've got that one backwards. If you're already accommodating them,
> > you might as well run as root.
>
> No, you're arguing that running as root is fine, so why do you care if
> the developers want you to in order to install their software?
No, I'm not, and if you're going to make up arguments to put in my
mouth, perhaps I should reciprocate? I have your implicit approval,
obviously, so now I just need to think of what I want you to say.
[snip]
> >> So what are your defensible arguments?
> >
> > Don't run single-user linux on a dual-boot machine.
>
> Run in single user mode and you can't be compromised.
Wrong again.
Let's watch Joe Random, booting single-user:
"Here, plug in this thumb drive/floppy/CDROM and run 'coolstuff.sh'..."
Whoops!
Guess what, Joe just got compromised! And single-user didn't help Joe
one little bit.
[snip]
[snip]
> > Where, in this thread, have I recommended installing packages in
> > $HOME?
>
> Not in this thread, but in past arguments on this list.
This current discussion is about a specific, limited, case. It's
not about general usage.
> You have been
> adamant at times about wanting to install packages in your home
> directory, for testing. You have complained about your inability to
> use a package manager to do so. If you mount the drive noexec, then
> you can't do that.
Indeed. Thus [out-of-order quote]:
> >> > Why would anything in /home need to be executable for
> >> > non-developers?
       ^^^^^^^^^^^^^^
An important point that I fear you missed.
> Everything is a compromise. Running as root just compromises the whole
> system. If you want to run as root, maybe you should start in single
> user mode. :-)
There's those unsupported blanket assertions again.
And that doesn't seem to be a generic you. Can you back away from the
personal attacks, please?
-Stewart "'Everyone knows' is a great argument... from grandma." Stremler
