[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Lock screen does not work for root in gnome



On Tue, 19 Oct 2004 01:44:26 +0100, Jonathan Andrews
<jon jonshouse co uk> wrote:
> Bite me !

Tell me where i get in line.  

> Users should have the power to choose, even if you personally think its
> a poor choice.

Choose what? Choose to use less secure defaults? Choose to recompile
software using less secure settings? Choose to write their own
software?

Here let me reparse what seth said with my "by default" clause
post-processor and see if you can stomach my version:

 Disable root graphical logins..... by default
 Period.
 make it so gdm or kdm or xdm just exit... by default
 hell, you could make the xinitrc script handle it...by default:
 if your uid is 0 then you throw up a hate-filled messaged and
exit....by default
 EOD.... by default

I'll grant you that there are some bizarro pieces of software out
there, but if they require you to be logged into X as root, that
software has to be considered at the very least buggy if not
malicious. But I see nothing wrong with making the default settings
for gdm revoke all root user attempts at logging in..by default. And I
see no problem taking a more aggressive stance by hardcoding a well
commented root login check into xinitrc that anyone who wants to break
the no root login must find and comment out. As a local admin, you
would still have the choice to reconfigure gdm or the xinitrc script
to lift those defaults.

> If you have such a security fetish then go play with firewall rules in
> the corner and leave us users to decide how to operate our machines !

No, security is a community wide problem. As we learn every day,
insecurely admined boxes on the public internet can cause problems for
everyone and not just the person with the hacked box who doesn't take
the time or have the patience to do things securely. Security, sir, is
everyone's problem. And I'd much rather see buggy graphical software
fixed so that it doesn't require root login, than to have someone
inexperienced(who doesn't have the skill to even reconfigure a shell
script like xinitrc to enable root login) think that loginning into as
root is an acceptible workaround for common problems.

-jef"why won't the red sox lose gracefully..why do they have to put up
a fight"spaleta


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]