What I HATE about F11
Krzysztof Halasa
khc at pm.waw.pl
Sun Jun 14 20:12:47 UTC 2009
Michael Fleming <mfleming at thatfleminggent.com> writes:
> With the likes of sudo / ConsoleKit / console-helper et. al you should
> never, ever need to run an extended session as root. Your day-to-day
> work can be done perfectly well as a standard non-privileged user, the
> applications that *need* root, especially in X, are hooked into
> consolehelper/ConsoleKit anyway and will prompt you for the root
> password in any case (when run as a regular user)
That doesn't mean it's more secure that directly logging as root using
e.g. ssh, tty or xterm. I won't argue about X "desktop".
A non-privileged account ceases to be non-privileged when you use it to
become root. It may save you from incidental rm -rf /, but it creates
a false feeling that the "non-privileged" account doesn't need the same
level of protection as the root account needs. From a security
standpoint, it's thus usually less secure that using root directly.
Obviously one shouldn't use root account for non-admin tasks, sure. But
it has nothing to do with security.
If one has to perform many root tasks, there is nothing wrong in doing
it in "an extended root session". Having to type root password many
times may only create an additional opportunity for a compromise.
> As a systems administrator I applaud this idea, as it stops people from
> shooting themselves in the foot
That may be true. The same can probably be said about alias rm='rm -i'
and so on. This is not security, however.
--
Krzysztof Halasa
More information about the fedora-devel-list
mailing list