Frank Peters posted on Tue, 17 Jun 2014 09:04:34 -0400 as excerpted:

> The problem with all Linux distributions, and not just Gentoo, is that
> they are directed toward a multi-user, networked environment. As a
> consequence, they exhibit security and other features that generally
> make no sense whatsoever for a single-user desktop machine that
> optionally connects externally only with an ISP through a router/modem.
>
> In the single-user, desktop environment, the probability of a buffer
> overflow "attack" is virtually nil, especially if one is highly
> selective about "surfing" the Internet and employing Internet software
> (which I am).
>
> My system is configured in a way that is quite contrary to recommended
> Linux practice (for example I run only and always as the root superuser
> and have no need for file permissions) but yet it makes perfect sense
> for my situation.
>
> Are single desktop users that much of a minority? I would hope not.

While I strongly disagree with your position, I equally strongly respect you for knowing what you want and sticking to it. As I said earlier, gentoo wouldn't be gentoo if it didn't both allow such a thing and make it reasonably easy by exposing and automating the tools necessary to do such things, and that sort of individualism is /exactly/ what gentoo is about. =:^)

As to the disagreement, I guess I'm a single-human-user desktop system user too. But I recognize the benefits of running various daemons as their own (non-human) user, for instance, and in fact, I've gone to some lengths to set up two entirely separate user accounts, a generic user account and a sysadmin account, so I don't have to "take the name of root in vain" when I have my sysadmin hat on.

My normal user is deliberately quite restricted, only a very few restricted sudo commands available, etc. It's the only one that runs X. One of the few things that user CAN do, however, is sudo (with password) to the admin user. The admin user in turn has unrestricted passwordless sudo, but does NOT operate as root /without/ that sudo. Running as the admin user, among other things I avoid live-editing a potentially damaging command (like rming a system file) as root -- I type the command in and initially run it as the unprivileged admin user.

Of course then the risky command fails with a permissions error, but in so doing it lets me see exactly what it WOULD have done (which files it would rm, etc). If and only if it's the file(s) that I intended (and ONLY those files), I can quickly up-arrow to bring the command back, hit home and add the sudo, to run the command for real.

But that admin user doesn't run X, nor can I su or sudo any X-based apps as root, from my normal X-using user. Superuser is strictly limited to the command line, and even then, I normally don't run a full shell as superuser, instead only executing specific commands as superuser using sudo. So quite in contrast to you, I don't normally even escalate to superuser even when I'm doing admin tasks, except for specific commands. But sudo and sudoedit (which I have aliased to simply s and se, respectively, with an smc for sudo mc, as another frequently used alias) are tools I use all the time.

Meanwhile, as rich0 already alluded to, several of the recent malware incidents have been propagated via otherwise legitimate ad-networks, placing vuln-trigger ads on otherwise legitimate and widely respected web sites. If you're running ads on your favorite news site, you're potentially vulnerable, as that's specifically the channel of attack they're using these days. Now of course I run noscript and request-policy, both set to whitelist mode, blacklisting all off-site scripts and all site-to-site connections except those that I've specifically allowed, and I also run privoxy, so I don't tend to see many ads. And I don't actually have any plugins registered either and DEFINITELY no servantware such as flash, another typical malware-injection method.

But that doesn't mean I don't appreciate stack-smashing protection and the like for my browser, and in fact, every time /any/ program segfaults or the like, I find myself quickly evaluating the chance that said segfault was due to a buffer overflow, what might have triggered it, the data I was working on at the time and where it came from, and the potential risk of malware injection. So I'm certainly appreciating this SSP here as I appreciate the lowering of risk profile it brings! =:^)

But obviously your use-case and mine are about as contrasted as they could be even if we're both running single-human-user desktop systems; you're running as root all the time, while I try not to even run a shell as root. You don't care about SSP and the like, while I definitely appreciate the lower risk profile and spend a significant amount of my time educating myself on current security issues and actively avoiding things that might increase my risk profile.

But as I said, I can and do still respect that. You have every right to run that way if you like, and gentoo even tends to make it easier for you to do so. =:^)

-- 
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
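The two-account split Duncan describes (a restricted X-using user that can only sudo a few commands plus a password-prompted switch to an admin account, and an admin account with passwordless sudo that never runs X) can be expressed in sudoers roughly like this. This is an added illustration, not Duncan's own configuration; the user names desktopuser and sysadmin, the command list, and the assumption that sysadmin's login shell is /bin/bash are all made up for the example.

```sudoers
# /etc/sudoers.d/two-account-desktop  (added example; names are assumed)
#
# Drop the X display variables from every sudo'd environment, so that
# neither account can launch X-based apps as root or as the other user
# through sudo (env_reset is on by default; this removes what env_keep
# might otherwise preserve).
Defaults    env_delete += "DISPLAY XAUTHORITY"
# Run commands in a pseudo-terminal so an escalated process cannot
# inject input into the calling terminal.
Defaults    use_pty

# The few root-level commands the normal desktop user may run (assumed
# list; password still required).
Cmnd_Alias  DESKTOP_CMDS = /sbin/shutdown -h now, /sbin/shutdown -r now, \
                           /usr/bin/emerge --sync

# Normal user: only DESKTOP_CMDS as root ...
desktopuser ALL = (root) DESKTOP_CMDS
# ... plus a password-prompted login shell as the admin account
# ("sudo -u sysadmin -i"); the trailing "" means no extra arguments,
# so arbitrary commands cannot be smuggled in as sysadmin this way.
desktopuser ALL = (sysadmin) /bin/bash ""

# Admin account: unrestricted but passwordless sudo. It is still an
# unprivileged user until "sudo" is typed, which is what makes the
# "run it first without sudo and read the permission errors" habit work.
sysadmin    ALL = (ALL) NOPASSWD: ALL
```

Validate with `visudo -c -f /etc/sudoers.d/two-account-desktop` before relying on it, since a syntax error in a sudoers fragment locks everyone out of sudo.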