Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 26 Apr 2001 13:23:36 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 26 Apr 2001 13:23:26 -0400 Received: from mauve.demon.co.uk ([158.152.209.66]:64439 "EHLO mauve.demon.co.uk") by vger.kernel.org with ESMTP id ; Thu, 26 Apr 2001 13:23:13 -0400 From: Ian Stirling Message-Id: <200104261722.SAA16939@mauve.demon.co.uk> Subject: Re: [PATCH] Single user linux To: brownfld@irridia.com (Ken Brownfield) Date: Thu, 26 Apr 2001 18:22:01 +0100 (BST) Cc: linux-kernel@vger.kernel.org In-Reply-To: <200104261700.MAA13391@asooo.flowerfire.com> from "Ken Brownfield" at Apr 26, 2001 10:00:02 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org > > > On Thursday, April 26, 2001, at 07:03 AM, wrote: > > he owns the computer, he may do anything he wants. > Any OS worth its weight in silicon will make a distinction between > blessed and unblessed users. It can be phrased in different ways -- > root vs. non-root, admin vs. non-admin. But no one should EVER log in > to a machine as root. Period. (1) Also, there is another reason. If you'r logged in as root, then any exploitable bug in large programs, be it netscape, realplayer, wine, vmware, ... means that the cracker owns your machine. If they are not, then the cracker has to go through another significant hoop, in order to get access to the machine. For optimal security, you can do things like running netscape and other apps under unpriveledged users, where they only have access to their own files. (Note, netscape/.. are just used as examples, I'm not saying they are more buggy than others, just large, and hard to get bug-free) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/