Root in FC10
Todd Zullinger
tmz at pobox.com
Sun Dec 7 16:18:30 UTC 2008
R. G. Newbury wrote:
> That's my point. You are adding the job of nanny under the guise of
> security. That is NOT security.
Boy, this is getting old.
If you run as root, any bug that allows for remote code execution is
an immediate root compromise, with no need for any privilege
escalation. If you run as a normal user, such security bugs do not
lead directly to a root compromise. Adding SELinux to the mix further
decreases the chances that such an exploit will lead to a root
compromise.
If you want to run in an insecure manner, change the default and get
on with your day. Repeatedly saying that it has nothing to do with
security will not make it any less true.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the beginning the Universe was created. This has made a lot of
people very angry and has been widely regarded as a bad move.
-- Douglas Adams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20081207/760f1cac/attachment-0001.sig>
More information about the fedora-list
mailing list