Re: Root privilege (SOLVED)

On Thu, 11 Jan 2007 14:01:55 -0500
cga2000 <cga2000@xxxxxxxxxxxxx> wrote:

Well .. the malware could be the installer itself, no..? It _is_
software after all. If I was up to no good that's exactly where I'd
stick my mal-code.. only runs once .. under root, usually .. does
its stuff .. removes itself.. and pop goes the weasel ..

Why should install programs run with the "extreme" privileges I
mentioned earlier when it is totally unnecessary in the first place?

Installers on linux are the exception not the rule.

Besides, isn't this practice of switching to root whenever you
install a program in clear violation of the first -- 2nd, 3rd .. ?
principle of computer security .. ?? -- ie. users of a given system
should not be granted more privileges than necessary to perform the
tasks that fall within the scope of their position.

No reason I can think of why Joe Consultant should have read/write
access to the company's payroll files or other confidential data when
all he needs is permission to upgrade a couple of binaries in
usr/bin.

But that's exactly it. Upgrading those binaries is a potential security
problem and it should be delegated only to responsible persons.

I'm not really convinced. I'm no expert, but sudo does sound a bit
like the "dancing dog at the circus" to me .. For one thing, KISS is
another fundamental principle where system security is concerned and
in this respect, sudo does not seem to go in the right direction.

AFAICT sudo is actually plugging some of the holes mentioned in that
handbook. It has logging and you can delegate specific tasks or even
single commands to specific users or groups.

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Relevant Pages