On Wed, 10 Jan 2007 17:52:18 -0500 cga2000 <[EMAIL PROTECTED]> wrote:
> Mind you, and this is not directly related to the above, I sometimes > have this bizarre feeling that much of this awkwardness we have to > deal with -- in X certainly .. but from the linux console as well, > albeit to a lesser extent -- eventually boils down to the *NIX model > not having been designed from the ground up with security in mind. Huh? > I just cannot see why you should need something extreme such as root > access to install/maintain software. And let users install any malware they get across on the internet just because it popped up a window with "install me"? > Maybe that with some contortions > this could be achieved within the *NIX security model by defining a > privileged group and making sure software packaging takes this into > account .. maybe not. Not for me to decide. > > :-) Of course this can be done. It's even not so difficult to set-up using sudo. > > > How's stuff like that supposed to work in a "strict" proof of > > > concept GUI environment with no *term available -- ie. all you > > > are allowed is an icon on your desktop and possibly an entry in > > > your gnome/kde menus? > > > > Root gets the "failsafe" option for X by default? xterm is > > mandatory in an X install, IIRC. > > Please refer to what Roberto has to say about pointy-head activity in > the enterprise. In the enterprise world there is no guarantee that > some dude will not decide at some point that it's his best interest > that *term's are the devil's work and have them autdafe'd at the > earliest opportunity. > > But I was talking "proof of concept" .. in the world of the average > to-the-gui-born user .. and thinking in terms of CD/DVD's that you > just pop in .. say "yes" to the eula .. click the "next" button a few > time .. done.. Because of that crowd we have all the problems with the bot-nets. > Not likely _that_ crowd would like the idea of starting an xterm.. > typing in a command to launch the installer .. etc. etc. That's why we have synaptic/kpackage/other GUI packet managers, and I'm not speaking strictly about Debian here. > As such I find the X gui model incomplete and although having gui > installers assume you already have root authority prior to launching > them may be a lesser evil than the proliferation of password-prompting > code in the wrong places .. I'm rather convinced by Roberto's > argumentation .. I find that it's just one more good reason why I'd > rather stick to the non-gui interface. Me too, but between two evils I will choose the lesser one. If we require all GUI packet managers to be *started* by root rather then requesting the root password (via su, gksu, ...) whenever they *really* need root access than all users will start to login as root/admin as they do on Windows. Heck, I do that on Windows as well because I don't want to logout/login every time I need to mess with a prog/driver/whatever. That's one of the things I like about Linux. It encourages good security practices by not making it too difficult to do privileged tasks from within a user account. Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
