
Re: Lock screen does not work for root in gnome



On Tue, 2004-10-19 at 14:50, Nils Philippsen wrote:
> So, it's not Friday yet...
> 
> On Tue, 2004-10-19 at 14:09 +0100, Jonathan Andrews wrote:
> > On Tue, 2004-10-19 at 02:12, Jeff Spaleta wrote:
> > > On Tue, 19 Oct 2004 01:44:26 +0100, Jonathan Andrews
> > > <jon jonshouse co uk> wrote:
> > > > Bite me !
> > > 
> > > Tell me where I get in line.  
> > > 
> > > > Users should have the power to choose, even if you personally think it's
> > > > a poor choice.
> > > 
> > > Choose what? Choose to use less secure defaults? Choose to recompile
> > > software using less secure settings? Choose to write their own
> > > software?
> > > 
> > > Here let me reparse what seth said with my "by default" clause
> > > post-processor and see if you can stomach my version:
> > > 
> > >  Disable root graphical logins..... by default
> > >  Period.
> > >  make it so gdm or kdm or xdm just exit... by default
> > >  hell, you could make the xinitrc script handle it...by default:
> > >  if your uid is 0 then you throw up a hate-filled message and
> > > exit....by default
> > >  EOD.... by default
> > > 
> > > I'll grant you that there are some bizarro pieces of software out
> > > there, but if they require you to be logged into X as root, that
> > > software has to be considered at the very least buggy if not
> > > malicious. But I see nothing wrong with making the default settings
> > > for gdm revoke all root user attempts at logging in..by default. And I
> > > see no problem taking a more aggressive stance by hardcoding a well
> > > commented root login check into xinitrc that anyone who wants to break
> > > the no root login must find and comment out. As a local admin, you
> > > would still have the choice to reconfigure gdm or the xinitrc script
> > > to lift those defaults.
> > > 
> > > > If you have such a security fetish then go play with firewall rules in
> > > > the corner and leave us users to decide how to operate our machines !
> > > 
> > > No, security is a community wide problem. As we learn every day,
> > > insecurely admined boxes on the public internet can cause problems for
> > > everyone and not just the person with the hacked box who doesn't take
> > > the time or have the patience to do things securely. Security, sir, is
> > > everyone's problem. And I'd much rather see buggy graphical software
> > > fixed so that it doesn't require root login, than to have someone
> > > inexperienced (who doesn't have the skill to even reconfigure a shell
> > > script like xinitrc to enable root login) think that logging in as
> > > root is an acceptable workaround for common problems.
> > 
> > I think you simply miss my point. 
> > 
> > Ok, so yet another Unix security person with the attitude that "mummy
> > knows best".  
> > 
> > Those who are learning will WANT to login as root to configure, it's the
> > way they think it should work - they are going to look lost and confused
> > if you start shipping things with defaults that stop them. 
> 
> I think we all agree that regarding security the human factor is the
> weakest point in the equation. You need to get these points across:
> 
> - that regular updating is a good thing, to achieve that you make
> updating easy for the user (yum, up2date, apt, ...)
> - that regularly working as an ordinary user instead of always as root
> is a good measure to make it harder for viruses, dialers, etc.; 
> 
> > As for pop ups with "Don't do this, it's naughty" - BAHHH !!! DON'T !!! On
> > the one hand we have security people trying to take out things people
> > need, on the other we have the GUI people trying to put in more
> > pointless crap.
> 
> "Informing users about risks they're exposing themselves to is a bad
> thing" -- do you really want anyone to believe that?
> 
> I guess something like:
> 
> """
> Logging in as root is not encouraged because:
> - ... viruses ...
> - ... dialers ...
> - ... yadda yadda yadda
> You can just run the configuration tools from your normal user login, or
> switch temporarily to root by ... (explain su, sudo, ...)
> """
> 
> won't be taken as patronizing.
> 
> > Those who want better security will configure things for it, however
> > some people don't want to know.
> 
> We basically have two choices:
> 
> - Making the system "easy" while at the same time making compromises on
> security. This is what Windows does.
> - Making the system as secure as we can get it while still allowing the
> user to do the things he wants to do. That is what we try to achieve.
> 
> You really want to vote for the first option? I guess you're in the
> minority then ;-)

It's not a question of easy ! It's a question of arrogance .... your
argument is that because you know it's a bad idea people should not be
able to do it. Ok - I could live with a warning .... even better if it
only happens the first time root logs in, but disabling root logins in X
is only going to cause problems, unless you can get every other distro
to follow suit .....

> 
> > I for example have a number of systems that use X servers to display
> > status information and video. At one point I thought I was going to have
> > to re-write the whole thing next time I upgraded because some security
> > minded person at Xfree decided that removing the "-ac" option from the X
> > server is "more secure"
> 
> I haven't needed that option, so why should you?

This is a windup right ? Because you personally have never needed it it
should not exist, you have been in Unix too long ........ 


> > Don't force users who want a media player in the living room, or just
> > want to have a play with linux to behave like administrators. A lot of
> > home users run with almost no security at all - worry about the network
> > cable not the physical machine......
> 
> As we're still lacking the make_this_machine_a_media_appliance-1.0-1.rpm
> package, we can safely (securely? ;-) assume that the person who wants
> to do that needs to fiddle a good deal anyway so editing gdm.conf or
> similar files isn't too onerous IMO.

I see situations like this.

novice user 1 - "how do I configure N", 
novice user 2 - "log in as root and run this GUI tool"
novice user 1 - "It won't let me"
novice user 2 - "My machine does ?"
etc etc etc etc

Makes me wonder what userbase fedora is aimed at ? Should home users be
using Debian - if so who is fedora for ? 


> As we're still lacking the make_this_machine_a_media_appliance-1.0-1.rpm
> package
Bzzz ... wrong !!!

I know a reasonable number of users who are using fedora for exactly
that. The apt repositories contain a good version of mplayer and Xine
with the common codecs. Install those and click a divx,xvid,mp3 and one
media player - with no annoying pop ups during playback. I have a box
under my TV exactly for this :-)

I suppose you want to pop-up a window in xine now saying "Playing this
video while logged in as root is a security risk" 

Jon



