On Wednesday, May 2, 2018 4:34:51 PM CEST Stephen John Smoogen wrote:
> The issue is where they do not know they have installed software to
> their home directory.

Sure but still better than if they did not know they had installed software
outside of their home directory, at least from the perspective of other users
sharing the same system.

> This leads to the problem outlined in
> https://xkcd.com/1200/ where the user account is more precious than
> having root.

Wait. If you have full root access, you have automatically access to data
(and running sessions) of all users on that system. I think you are
misreading the xkcd. It says that stealing a user session is _almost_ as
serious as having root access on that system. Still as root you can do a
superset of things compared to having a user session only.

> > 2. You do not allow users to easily install software to their home
> > directory.
> >
> > In that case, they will install questionable software using sudo, which
> > gives it root privileges and affects all other users on the system (and
> > possibly other systems reachable through a trusted network).
>
> Which most users will do anyway because every stackoverflow and
> software install says you have to do a 'curl | su -' or a 'sudo
> pip/gem/etc install'

Because that is currently the only way that works reliably. If you find out
a more secure way that works for the users equally well, it will find its way
to stackoverflow some day.

Kamil