[NCLUG] Why not Root?
James DeWitt
jdewitt at verinet.com
Sun Mar 18 13:25:03 MDT 2007
I'd like to request at this point that we focus on persuasive arguments
with practical examples and references to further information if possible.
Thanks,
JD
On Sunday 18 March 2007 1:15:03 pm Chad Perrin wrote:
> On Sat, Mar 17, 2007 at 07:54:51PM -0600, John L. Bass wrote:
> > Bill Thorson <bill at tstorms.com> writes:
> > > If you are using the default gnome. There is a "Network Configuration"
> > > tool which requests root password and then lists your network devices.
> > > When you select one and click 'edit' you see as one of your options
> > > "Allow all users to enable and disable the device." This worked for
> > > me.
> >
> > The security aspects of this are very interesting, as providing root
> > password for the scripts greatly increases the working set of
> > applications and scripts that need to be verified as "trusted". In
> > general this increases the risk of a local machine security flaw, by
> > having even more code in the "must be trusted" class.
>
> . . . and yet, you can't seem to grasp that it's a bad idea to run
> *everything* as root.
More information about the NCLUG
mailing list