Re: Getting people to say nice things about Microsoft (Linspire repo)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Les Mikesell wrote:
> And meanwhile you are so much better off just deleting your own
> files...   I'm sure you'll be thrilled that the OS is still intact
> and running after that happens.   While I agree that this is a 'best
> practices' thing and probably worthwhile in a multiuser scenario,
> I'm not sure its worth the extra effort when the user you normally
> run as has write access to everything that can't easily be
> reinstalled anyway.

One important benefit of running with limited privileges even on a
single user system is that it thwarts attacks that aim to usurp system
binaries and settings to further spread and damage other systems or to
secretly steal your data without your knowledge.

While it would suck to lose your files to an attack, it would suck
even more to have the attack surreptitiously install a key-logger that
stole all of your passwords while you surfed, or used your system to
attack others.

Running with the least privilege required to do your work makes plenty
of sense even in a single user scenario.  Just because it doesn't
prevent the one attack you outlined doesn't make it useless.

I also think that many folks overestimate how much extra effort is
required to run as a non-root user.  So you are asked for an admin
password every so often if you're configuring your system.  Big deal.
If you spend all day every day configuring your system, then you
should be savvy enough to use sudo from the command line or slick
enough to run as root all the time and work out the kinks in those
uncharted waters.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
Nothing in education is so astonishing as the amount of ignorance it
accumulates in the form of inert facts.  --Henry Brooks Adams

Attachment: pgpM1BL9kehgP.pgp
Description: PGP signature

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux