On 13.01.2008 01:45, M. Edward (Ed) Borasky wrote:
> Typical Linux practice is the following:
>
> 1. One *never* allows remote shell login as "root" -- *ever* -- even
> behind a firewall. One allows only *one* user in the "wheel" group to
> log in to a shell account, and then *only* via "ssh".
>

Which is almost as unsafe as using "root" directly.

> 2. When root access is needed, "sudo" is used, with the least permissive
> mode possible.
>

And once you start installing software globally via sudo, the account from which you called sudo to install software is (in almost all circumstances) effectively "root". Same goes for bootloader configuration.

> 3. "ftp" is done using "sftp" and/or "scp". For Windows clients, there's
> PuTTY.
>

Agreed.

> Anything less than this level of security is a bad habit -- a *very* bad
> habit. Please don't encourage such habits, or ask the open source
> community to cater to them.
>

Actually, I would consider the belief that sudo makes things unconditionally safer to be mostly equivalent to the belief that a "personal firewall" (which is not a firewall) makes things unconditionally safer. IMO, use of sudo should be discouraged because it gives people a false sense of security. It is possible to use sudo in a safe way. Same goes for the "root" account.

And then there are those people who run "sudo bash". Although they violate your point 2, they prove part of my point. Many people interpret complicated or work-intensive interfaces as damage and work around them. Often the workaround not only neutralizes the intent of the original interface, it actually makes things worse from the perspective of the person who tried to impose the interface on them in the first place.

Have you ever worked at a place where people were required to change their passwords every month and the new password was not allowed to match any of the last n passwords? I have seen that and assure you that it worsens security. People start to put their password on a post-it note on their monitor. Once you manage to stop the post-it habit, they figure out that a rotating list of passwords constructed like "secret1, secret2, secret3..." works fine.

If the system notices that passwords are similar, there's at least some chance one guy knows another guy who then tells someone in upper management that if the system is able to find similarities between passwords, they surely are not stored with a cryptographically secure hash function.

Regards,

Carl-Daniel

_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel
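The last point of the message above, about what a password-history check can and cannot do when passwords are stored as salted, iterated hashes, is illustrated by the following Python snippet. It is an added example, not code from the list post or from the OLPC project; the password values "secret1", "secret2", "secret3" are constructed sample input taken from the message, and the function names and the 64-bit correlation threshold are my own choices. A store of (salt, digest) pairs can only answer "is the candidate exactly one of the last n?" by re-deriving the candidate under each stored salt; it cannot tell that "secret1" and "secret2" are near-identical, because the digests of similar inputs are statistically unrelated.

```python
import hashlib
import os
import secrets
from typing import List, Optional, Tuple

# PBKDF2-HMAC-SHA256 iteration count; chosen here for example speed, not policy.
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is drawn unless one is supplied
    (supplying one is only needed to re-derive a candidate against a stored entry)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def reused_verbatim(candidate: str, history: List[Tuple[bytes, bytes]]) -> bool:
    """Exact-match check against a history of (salt, digest) pairs.

    This is the only history check a properly hashed store can perform: re-derive the
    candidate under each stored salt and compare digests in constant time."""
    for salt, digest in history:
        _, cand_digest = hash_password(candidate, salt)
        if secrets.compare_digest(cand_digest, digest):
            return True
    return False


def hamming_distance_bits(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def similarity_leaks_through_hash(p1: str, p2: str) -> bool:
    """Hash two passwords under the same salt and ask whether their digests look related.

    Two unrelated 256-bit digests differ in about 128 bits (std. dev. ~8). Treating fewer
    than 64 differing bits as 'correlated' (a constructed threshold), a secure hash makes
    'secret1' vs 'secret2' indistinguishable from two random strings, so this returns
    False: similarity is not recoverable from what the store holds."""
    salt = os.urandom(16)
    _, d1 = hash_password(p1, salt)
    _, d2 = hash_password(p2, salt)
    return hamming_distance_bits(d1, d2) < 64


if __name__ == "__main__":
    history = [hash_password(p) for p in ["secret1", "secret2", "secret3"]]
    print("secret2 reused verbatim:", reused_verbatim("secret2", history))
    print("secret4 reused verbatim:", reused_verbatim("secret4", history))
    print("secret1/secret2 similarity visible in hashes:",
          similarity_leaks_through_hash("secret1", "secret2"))
```

The consequence for a defender reviewing such a policy: a system that rejects a new password for being *similar* to any of the last n must have the old ones in clear or reversible form, which is the condition the message warns about. The one comparison that needs no weak storage is against the current password, since the user types it in clear during the change.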