[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: root in FC 10



I'm please Fedora 10 ships with graphical root logins disabled by
default. It is an excellent security step. I have a test system set up
downstairs that I have been using quite a bit. For the first time I'm
using SELinux in full enforcing mode and I'm not seeing terrible
problems (at least not yet!)

If one also encrypts the hard drive, I think it is probably much safer
and more secure to do ordinary things that save a lot of time like
paying bills online.

Bob



Mikkel L. Ellertson wrote:
> Fred Silsbee wrote:
>   
>> You don't see it do you! What you are proposing would take a
>> massive intricate system to protect people from themselves. SELINUX
>> is already a super mess duplicating controls already in place and
>> adding to the CPU burden.
>>
>>     
> One thing you seem to be missing - this is not only to protect new
> user from doing something stupid before they learn, but also to
> protect the rest of us from stupid mistakes by others. Or would you
> like to see botnets of Linux machines to go with the Windows ones?
>
> I can just picture a newbee running as root, and running an older
> version of their web browser that has a known exploit, and getting
> something nasty installed.
>
> With the profit that can be made from compromised systems, it would
> be irresponsible to ship systems with insecure default settings.
> After all, we do not want to see Linux systems that are as insecure
> as Windows systems are by default. Running as root all the tine
> defeats most of the security of a Linux system.
>
> Mikkel
>   


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]