[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fake Emails about Emergency Security Update

On Tue, 26 Oct 2004 09:27:17 -0400, Sean Middleditch
<elanthis awesomeplay com> wrote:
> On Tue, 2004-10-26 at 09:16 -0300, Ben Steeves wrote:
> > On Mon, 25 Oct 2004 20:46:29 +0200, Kyrre Ness Sjobak
> > <kyrre solution-forge net > wrote:
> > > These frauds are damn impossible to protect against...
> >
> > Nonsense.  Just don't give clueless users the ability to a) become
> > super user, b) compile things, c) install things.
> >
> > And if your clueless user *is* your super user... well, then you have
> > problems.  :-)
> The problem is that, for home users, that is pretty much guaranteed to
> be the case.

Not necessarily.  When I set up a system for a non-technical user who
doesn't need root, I don't give them root.  They can still do
everything they need to do, without the risks associated with even
having to understand how priviledge works.

Even clued users shouldn't run things as the super user.  Part of
being clued is the understanding of why.

Ben Steeves                     _                    bcs metacon ca
 The ASCII ribbon campaign     ( )            ben steeves gmail com
   against HTML e-mail          X                GPG ID: 0xB3EBF1D9
http://www.metacon.ca/bcs      / \     Yahoo Messenger: ben_steeves

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]