* Patrick O Neil ([EMAIL PROTECTED]) wrote:
> Superuser on MY system can do anything.  He/she can shutdown the
> system, delete my home directory, delete /usr, etc.  There is 
> no logical reason that superuser on my own system cannot connect
> to anyone's display by default.  There is no security in this
> behavior given the powers of superuser/root as listed above.
> Connecting to a user's display as root is nothing compared to 
> the other security issues, system safety issues that automatically
> reside with root/superuser.  
> 
> How can su not being able to, by default, connect to my display
> (as I login as superuser rather than login as root at the
> getgo - which is THE recommended way to administer things)
> be safe and secure?  Su can kill my session at will, delete
> my name/password, delete my directory, etc.  With all that,
> being able to simply connect to my display by default so that
> it is simple for su to administer the system - run control-panel,
> linuxconf, etc - is doable by default.  I run this system.  
> I need to alter things from time to time.  It is a royal pain
> for the default behavior to require that a user logout, root
> login and do his thing, logout, let the user relogin.  This
> inability to connect to display by default makes this NECESSARY.
> If su could connect to a display by default, a user (myself who
> is also the arbiter of what this system is or will be, etc)
> would not have to logout and root would not have to login.
> 
> That is why this automatic, default behavior towards a system's
> superuser is ridiculous.  It is not more secure to do things this
> way given the power of superuser overall.  If someone who isn't 
> authorized to run su cracks into root, then all is lost 
> REGARDLESS of the supposed security of su not being able to 
> connect to a user's display.
> 
> patrick

Dude. Too much anger I think :)

I told you how to fix your problem, so chill.

I repeat. In plain English. Type "xhost +localhost" then su to root
and all will be well. If you do this often, stick it in ~/.xinitrc to
make it the default.

In response to your "redhat should come tailored perfectly to my
*exact* needs and require *no* modification in order to run the way
*I* want" rantings, please consider the bigger picture. On multi-user
systems (ie not just *you*) it is desirable to prevent other users
access to your display. Even root. Just because root can kill your
session or delete your password (irrelevant btw) doesn't mean he/she
should be able to pop an application up on your display, either
locally or over a network.

So, the default behaviour makes sense in the bigger picture. You are
thinking very much as an "only I use this computer" user, and you don't
consider the wider applications.

Obviously, redhat can't get the defaults so that they are perfect for
everybody. I personally don't think xhost +localhost is a really big
deal, it's just another part of setting up your environment the way you
want.

Tom.
-- 
            .-------------------------------------------------------.
    .^.     | Tom Gilbert, England | [EMAIL PROTECTED] |
    /V\     |----------------------| www.tomgilbert.freeserve.co.uk |
   // \\    | Sites I recommend:   `--------------------------------|
  /(   )\   | www.freshmeat.net www.enlightenment.org slashdot.org  |
   ^^-^^    `-------------------------------------------------------'
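
Added example, not part of the original message: a sketch that reads an `xhost` access list and labels what each entry grants, contrasting the host-wide entry produced by `xhost +localhost` with a per-user entry such as `SI:localuser:root`. The function names and the sample listings are constructed for illustration, and the labels assume the usual `xhost` output format.

```shell
#!/bin/sh
# classify_xhost_entry (hypothetical helper): label one line of `xhost` output.
classify_xhost_entry() {
    case "$1" in
        "access control disabled"*) echo "OPEN-TO-ALL" ;;       # after `xhost +`
        "access control enabled"*)  echo "HEADER" ;;
        SI:localuser:*)             echo "SINGLE-USER" ;;       # one named local account
        INET:*|INET6:*|LOCAL:*)     echo "ALL-USERS-ON-HOST" ;; # every account on that host
        *)                          echo "REVIEW" ;;            # family not handled here
    esac
}

# audit_xhost_acl (hypothetical helper): read `xhost` output on stdin, print
# "LABEL<TAB>entry" per line, and return 1 if any entry is host-wide or open.
audit_xhost_acl() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        label=$(classify_xhost_entry "$line")
        printf '%s\t%s\n' "$label" "$line"
        case "$label" in
            OPEN-TO-ALL|ALL-USERS-ON-HOST) rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: listing after `xhost +localhost` on a multi-user machine.
echo "== after xhost +localhost =="
printf '%s\n' \
    'access control enabled, only authorized clients can connect' \
    'INET:localhost' |
    audit_xhost_acl || echo "-> any local account can open windows on this display"

# Constructed sample: listing after `xhost +si:localuser:root`.
echo "== after xhost +si:localuser:root =="
printf '%s\n' \
    'access control enabled, only authorized clients can connect' \
    'SI:localuser:root' |
    audit_xhost_acl && echo "-> only the named account is admitted"
```

On a live session the same check would be run as `xhost | audit_xhost_acl`.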

