On Tue, 19 Oct 2004 01:44:26 +0100, Jonathan Andrews <jon@xxxxxxxxxxxxxxx> wrote:
> Bite me ! Tell me where I get in line.
> Users should have the power to choose, even if you personally think it's
> a poor choice.

Choose what? Choose to use less secure defaults? Choose to recompile
software using less secure settings? Choose to write their own software?

Here let me reparse what seth said with my "by default" clause
post-processor and see if you can stomach my version:

Disable root graphical logins..... by default
Period.
make it so gdm or kdm or xdm just exit... by default
hell, you could make the xinitrc script handle it...by default:
if your uid is 0 then you throw up a hate-filled message and exit....by default
EOD.... by default

I'll grant you that there are some bizarro pieces of software out there,
but if they require you to be logged into X as root, that software has
to be considered at the very least buggy if not malicious. But I see
nothing wrong with making the default settings for gdm revoke all root
user attempts at logging in..by default. And I see no problem taking a
more aggressive stance by hardcoding a well commented root login check
into xinitrc that anyone who wants to break the no root login must find
and comment out. As a local admin, you would still have the choice to
reconfigure gdm or the xinitrc script to lift those defaults.

> If you have such a security fetish then go play with firewall rules in
> the corner and leave us users to decide how to operate our machines !

No, security is a community-wide problem. As we learn every day,
insecurely administered boxes on the public internet can cause problems
for everyone and not just the person with the hacked box who doesn't
take the time or have the patience to do things securely. Security, sir,
is everyone's problem. And I'd much rather see buggy graphical software
fixed so that it doesn't require root login, than to have someone
inexperienced (who doesn't have the skill to even reconfigure a shell
script like xinitrc to enable root login) think that logging in as root
is an acceptable workaround for common problems.

-jef"why won't the red sox lose gracefully..why do they have to put up a fight"spaleta
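
The xinitrc root check described in the message above, sketched as an added example; it is not code from the original post or from any distribution's xinitrc. The function name refuse_root_x_session, its optional uid argument and the syslog tag are assumptions made for illustration.

```shell
# Added example: root guard for a system-wide xinitrc.
# refuse_root_x_session is a hypothetical name, not an existing tool.
# Returns 0 if the X session may start, 1 if it must be refused.
refuse_root_x_session() {
    # Ask id(1) for the real answer. $USER, $LOGNAME and $UID come from
    # the environment and can be set to anything by the caller.
    # The optional argument exists only so the check can be tested.
    uid="${1:-$(id -u 2>/dev/null)}"

    case "$uid" in
        ''|*[!0-9]*)
            # No numeric uid could be determined: fail closed.
            reason="cannot determine uid; refusing X session"
            ;;
        *)
            if [ "$uid" -ne 0 ]; then
                return 0
            fi
            reason="graphical root login is disabled by default"
            ;;
    esac

    echo "xinitrc: $reason" >&2
    # Leave an audit trail when logger(1) is available. A logging failure
    # must never turn a refusal into a successful login.
    if command -v logger >/dev/null 2>&1; then
        logger -p auth.warning -t xinitrc "$reason" || true
    fi
    return 1
}

# In xinitrc, call the guard before any X client is started:
#
#   refuse_root_x_session || exit 1
#
# A local admin who wants to lift the default has to find that one
# call and comment it out.
```

The refusal is logged at auth.warning, so an attempted graphical root login leaves a record for whoever reviews the auth log.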