Re: Root in FC-10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2008-12-06 at 19:34 -0500, R. G. Newbury wrote:
> Mikkel L. Ellertson wrote:
> 
>  >After all, we do not want to see Linux systems that are as insecure
>  >as Windows systems are by default. Running as root all the tine
>  >defeats most of the security of a Linux system.
> 
>  >Mikkel
> 
> Well how *exactly* does running *as root* defeat *most* of the security 
> of a linux system. Sorry but that is BS.
> Virtually any exploitable point allows an escalation by way of further 
> exploit. If and only if, it is possible to ensure (to 100%) that no 
> exploit can be escalated to provide root level privileges, is it 
> reasonable and logical to claim that not using root, is "safer" than 
> using root. It has never been explained to my satisfaction how the 
> supposed 'sandbox' of being user in fact adds any extra security to the 
> computer.

Becuase it is not just a "sandbox", but a permissions thing.  Processes
a user can start don't have write access to the global system.
Processes started from a root account do.  Someone will no doubt say
that this can be overridden, but it is more difficult than just having
an open invitation to the entire system file structure as you do when
root.

Regards,
Les H

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux