Re: sudo without password



On Friday 09 June 2006 16:53, ubuntu@xxxxxx wrote:

As I recall, UNIX specifically chose its current security model
because the more secure ones (like access lists) required far more
time and effort, and therefore are more likely to have holes left
by the operators.

Correct. Thompson and Ritchie were part of the Multics team way way
back and even though Multics had all the "proper" features like acls
and was designed "properly", it was going nowhere at a very fast
rate. T&R dumped this and went for something they could implement.
It's the classic Stanford vs New Jersey clash - one is correct, the
other one works.

It's the human component, as you say. If your security model is
too much of a pain in the rear to set up and maintain, it will fall
apart. Quite often, the simpler the solution, the more secure it
will be in the long run.

This probably explains why SELinux is less prevalent than it should
be, given its capabilities.


I just first tried Ubuntu for the first time with the release of
Dapper, and I was rather surprised it did not install a
host-firewall by default. I understand Ubuntu's take of "we don't
install anything that listens", but that quickly falls apart when
the user starts installing things like NFS that require portmap,
for instance.

Now that's a good way to start a "vigorous discussion" (like the
compiler one that's going on elsewhere). A port-based and a
host-based firewall on a workstation seems like a good idea to us
old-timers, but the problem with these is that they require an
enormous amount of knowledge from the user. *I* can't remember which
port imap runs on (that's why I have /etc/services), so I wouldn't
expect the average user to know. Thanks to dhcp and dynamic ips, the
average user can't be expected to filter hosts more finely than local
network/not local network. I'm not saying that these problems can't
be solved, it's just that I haven't seen a solution for them yet that
is suitable for mass deployment.

As an aside, another interesting notion, I think, was released with
SuSE 10.1: AppArmor. The idea is to restrict programs, rather than
users. Effectively, you create access lists of what a particular
program is allowed to access. Much the same deal as chroot, but
with far less hassle. (Since you don't actually have to copy it
all into a single path)

I keep intending to investigate this product and never get round to
it. Is it so that the user can for example block everything except
connections initiated by Firefox and Thunderbird, and allow incoming
port 80? If so, that strikes me as a better approach than tcpd &
iptables.

--
If only me, you and dead people understand hex,
how many people understand hex?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
