[NCLUG] Why not Root?

John L. Bass jbass at dmsd.com
Sun Mar 18 20:01:50 MDT 2007


	I'd have to disagree that it's anything like "swiss cheese".  We maintain
	and administer hundreds of Linux machines and it's rare for us to have
	machines exploited.  I do agree that giving untrusted users accounts on a
	system dramatically changes the security profile of that machine, which is
	why I recommend not doing that.

	But, you know, if Linux security does not seem, to me, to be swiss cheese,
	or I'd expect many more exploits on the systems we manage.

	Sean

Sorry for the "swiss cheese" definition, as is "highly subjective" at best.

The intent was to imply that it's difficult to look at the several gigabytes
of a typical distribution, and have a clear line in the sand where the trusted
and untrusted code boundries are, and the trusted and untrusted administrative
tasks are, in relation to who/what/where/when changes in code/policy are defined,
implemented, and distributed are. 

Some of it comes from fundamentally secure and accountable sources, some of it
from less so sources, and a lot of it nearly unknown by the typical IT manager.

John



More information about the NCLUG mailing list