[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?

Verily I say unto thee, that Rahul Sundaram spake thusly:
> On 11/18/2009 11:27 PM, nodata wrote:
>> Why is it a problem? For all of the reasons that it has never been
>> a problem before. For the reason that the user is not the
>> administrator or the box, for the reason that the user is the user
>> for a reason, for the reason that by default Linux should act like
>> Linux, for the reason that the default is bad,
> All of these seems rather circular.

I don't find "the user is not the administrator" a circular argument.

Perhaps the reason that his arguments seems circular, is that he's
having difficulty with the concept of having to spell-out the
fundamental axioms of computer security ... on a developers list.

Let's try an analogy, and just for maximal irritation let's make it a
car analogy, which I know everyone loves:

You drive your 12 year old son to school every day. In this sense, he is
a user of the car. You fill the tank at the same gas station every day.

Would you give the keys of your car to your 12 year old son, and ask him
to drive to the gas station, simply because your son is an authorised
"user" of your car, and because you trust the quality of the fuel from
that gas station?

Users are not, and should never be, administrators.

The assumption that every Fedora user is also the administrator on a
single-user system, is just that ... an assumption, and one which is
statistically highly unlikely to be universally correct.

Should those administrators of multi-user systems be subjected to this
sort of insecurity by default?

And frankly, even if it were the case that Fedora was being universally
rejected for server operation, I find this new policy an affront to the
basic principles of UNIX security. And if you need further clarification
on that highly impassioned opinion, then let me explain (as if I should
need to do so) why the principle "do not take the name of thy root in
vein" has attained the status of aphorism: If there is no clear
separation of privileged from unprivileged access on a computer system,
then privileged access quickly becomes the norm (a la Microsoft
Windows), and thus every bleary-eyed mistake becomes a potentially fatal
issue for the entire system, every user on that system, and possibly
even further afield (e.g. spam-bots).

One look at the current pitiful state of Windows security should be more
than sufficient explanation for why this new policy is the mother of all
bad ideas.

> Should the defaults be targeted towards home users or corporate
> desktop considering the short lifecycle of Fedora and the target
> audience?

Since when did security become optional in Linux?

Isn't it supposed to be one of the biggest (if not the biggest)
differentiator from Windows?

And are you suggesting that corporate users, or any others in a
multi-user environment, are not supposed to use Fedora?

Are there, in fact, no Fedora users in such an environment? And if there
are, doesn't Fedora have a social responsibility to ensure that
environment is secure be default, or indeed that Fedora in /any/
environment is secure by default?

> I am not sure there are corporate deployments but wouldn't they be
> heavily customized their desktop deployments and kickstarting it
> anyway?

Maybe some are.

Inevitably, some won't be.

Error: Too many assumptions. Stack overflow.

Keith G. Robertson-Turner

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]