On Tue, 2004-10-19 at 14:50, Nils Philippsen wrote:
> So, it's not Friday yet...
>
> On Tue, 2004-10-19 at 14:09 +0100, Jonathan Andrews wrote:
> > On Tue, 2004-10-19 at 02:12, Jeff Spaleta wrote:
> > > On Tue, 19 Oct 2004 01:44:26 +0100, Jonathan Andrews
> > > <jon@xxxxxxxxxxxxxxx> wrote:
> > > > Bite me !
> > >
> > > Tell me where I get in line.
> > >
> > > > Users should have the power to choose, even if you personally think it's
> > > > a poor choice.
> > >
> > > Choose what? Choose to use less secure defaults? Choose to recompile
> > > software using less secure settings? Choose to write their own
> > > software?
> > >
> > > Here let me reparse what seth said with my "by default" clause
> > > post-processor and see if you can stomach my version:
> > >
> > > Disable root graphical logins..... by default
> > > Period.
> > > make it so gdm or kdm or xdm just exit... by default
> > > hell, you could make the xinitrc script handle it...by default:
> > > if your uid is 0 then you throw up a hate-filled message and
> > > exit....by default
> > > EOD.... by default
> > >
> > > I'll grant you that there are some bizarro pieces of software out
> > > there, but if they require you to be logged into X as root, that
> > > software has to be considered at the very least buggy if not
> > > malicious. But I see nothing wrong with making the default settings
> > > for gdm revoke all root user attempts at logging in..by default. And I
> > > see no problem taking a more aggressive stance by hardcoding a well
> > > commented root login check into xinitrc that anyone who wants to break
> > > the no root login must find and comment out. As a local admin, you
> > > would still have the choice to reconfigure gdm or the xinitrc script
> > > to lift those defaults.
> > >
> > > > If you have such a security fetish then go play with firewall rules in
> > > > the corner and leave us users to decide how to operate our machines !
> > >
> > > No, security is a community wide problem. As we learn every day,
> > > insecurely admined boxes on the public internet can cause problems for
> > > everyone and not just the person with the hacked box who doesn't take
> > > the time or have the patience to do things securely. Security, sir, is
> > > everyone's problem. And I'd much rather see buggy graphical software
> > > fixed so that it doesn't require root login, than to have someone
> > > inexperienced (who doesn't have the skill to even reconfigure a shell
> > > script like xinitrc to enable root login) think that logging in as
> > > root is an acceptable workaround for common problems.
> >
> > I think you simply miss my point.
> >
> > Ok, so yet another Unix security person with the attitude that "mummy
> > knows best".
> >
> > Those who are learning will WANT to login as root to configure, it's the
> > way they think it should work - they are going to look lost and confused
> > if you start shipping things with defaults that stop them.
>
> I think we all agree that regarding security the human factor is the
> weakest point in the equation. You need to get these points across:
>
> - that regular updating is a good thing, to achieve that you make
>   updating easy for the user (yum, up2date, apt, ...)
> - that regularly working as an ordinary user instead of always as root
>   is a good measure to make it harder for viruses, dialers, etc.;
>
> > As for pop ups with "Don't do this, it's naughty" - BAHHH !!! DON'T !!! On
> > the one hand we have security people trying to take out things people
> > need, on the other we have the GUI people trying to put in more
> > pointless crap.
>
> "Informing users about risks they're exposing themselves to is a bad
> thing" -- do you really want anyone to believe that?
>
> I guess something like:
>
> """
> Logging in as root is not encouraged because:
> - ... viruses ...
> - ... dialers ...
> - ... yadda yadda yadda
> You can just run the configuration tools from your normal user login, or
> switch temporarily to root by ... (explain su, sudo, ...)
> """
>
> won't be taken as patronizing.
>
> > Those who want better security will configure things for it, however
> > some people don't want to know.
>
> We basically have two choices:
>
> - Making the system "easy" while at the same time making compromises on
>   security. This is what Windows does.
> - Making the system as secure as we can get it while still allowing the
>   user to do the things he wants to do. That is what we try to achieve.
>
> You really want to vote for the first option? I guess you're in the
> minority then ;-)

It's not a question of easy ! It's a question of arrogance .... your
argument is that because you know it's a bad idea people should not be
able to do it.

Ok - I could live with a warning .... even better if it only happens the
first time root logs in, but disabling root logins in X is only going to
cause problems, unless you can get every other distro to follow suit .....

>
> > I for example have a number of systems that use X servers to display
> > status information and video. At one point I thought I was going to have
> > to re-write the whole thing next time I upgraded because some security
> > minded person at Xfree decided that removing the "-ac" option from the X
> > server is "more secure"
>
> I haven't needed that option, so why should you?

This is a windup right ? Because you personally have never needed it it
should not exist, you have been in Unix too long ........

> > Don't force users who want a media player in the living room, or just
> > want to have a play with linux to behave like administrators. A lot of
> > home users run with almost no security at all - worry about the network
> > cable not the physical machine......
>
> As we're still lacking the make_this_machine_a_media_appliance-1.0-1.rpm
> package, we can safely (securely? ;-) assume that the person who wants
> to do that needs to fiddle a good deal anyway so editing gdm.conf or
> similar files isn't too onerous IMO.

I see situations like this.

novice user 1 - "how do I configure N",
novice user 2 - "log in as root and run this GUI tool"
novice user 1 - "It won't let me"
novice user 2 - "My machine does ?"
etc etc etc etc

Makes me wonder what userbase fedora is aimed at ? Should home users be
using Debian - if so who is fedora for ?

> As we're still lacking the make_this_machine_a_media_appliance-1.0-1.rpm
> package

Bzzz ... wrong !!! I know a reasonable number of users who are using
fedora for exactly that. The apt repositories contain a good version of
mplayer and Xine with the common codecs. Install those and click a
divx,xvid,mp3 and one media player - with no annoying pop ups during
playback. I have a box under my TV exactly for this :-)

I suppose you want to pop-up a window in xine now saying "Playing this
video while logged in as root is a security risk"

Jon