begin quoting Tracy R Reed as of Wed, Apr 20, 2005 at 09:56:53AM +0700:
> Stewart Stremler wrote:
> > So they have someone to blame, and are happy!
>
> Isn't that why people buy proprietary software? :)
Indeed. Of course, it doesn't keep them from blaming others when they don't buy it...
> >>Better than not running as root.
> >
> > HOW?
>
> I think we have had a number of explanations as to how. Only one of
> which you seemed to like.
"Like" isn't the term I'd use. "Defensible" would be better.
> But you inferred that you are mainly playing
> devil's advocate here and that you agree that you should not use your
> computer as root. So what are some of your reasons?
I stated that early -- it encourages bad habits.
Beyond that, in the single-user situation, the security/usability tradeoff
just isn't there. I don't like it, but then, I don't have to. I just
have to deal with it.
> I think there is also the argument to be made that nobody really runs a
> single user system anyway. Most households I know of have several users
> on their computers. Mom, dad, one or two kids, etc. I think most Lindows
> systems will be used in that way just like most of the Windows systems I
> see are used that way.
I think it has been pointed out (by DJA, IIRC) that this isn't the case
in the real world. Those are effectively single-user systems.
They'd be better off, no doubt, as properly-administered multi-user
systems, but would those households be _willing_ to do that?
> I think perhaps we have allowed ourselves to be trolled with a red
> herring here.
I'm not trolling. I'm just pointing out that the emperor's clothes are
mostly not there. (Dangerous business, I know...)
> > In a single-user non-dual-boot system, how is not running as root
> > more secure than running as root?
>
> Getting even more specific! This situation is getting so rare that it is
> hardly worth arguing.
Of course it's getting specific. Without getting specific, it would come
back to "see above" again, which is dreadfully boring.
> > Sounds like a challenge. Invite him to do so. It would be amusing. He
> > doesn't even have to present -- just show up, put his machine on the
>
> Doesn't sound like a good idea. These sort of "hack me" challenges
> rarely prove anything.
See the bit where I said "amusing"?
[snip]
> > Point at SELinux and chanting "neener neener neener we're secure" does
> > not an argument make, either.
>
> I do not believe anyone has done this.
Well, not in those exact words...
> Security discussions always
> devolve into arguing over semantics and absolutes.
All discussions!
> Since it is
> impossible to be "Secure" with a capital 'S' we must assume the
> convention that anytime someone implies security they mean "more secure"
> not perfect security.
Perfect security is disassembled, sandblasted, encased in concrete, and buried.
> I think SE Linux does add more security. And so
> far with zero overhead as I have done all kinds of things to my laptop
> and never had to mess with it.
And how does it protect your data?
("By preventing a compromise of the OS." is not an acceptable answer.)
> > The argument seems to be _HOW_ is it less safe?
>
> But do you agree with the premise that it is less safe? We have offered
> a number of reasons how we think it is less safe. What are yours?
For the scenario in question? It isn't.
I've already discussed how it *could* be more safe. I don't really feel
like rehashing those *again*. If you didn't like 'em the first time,
you won't like 'em any more when I bring 'em up again.
> > A lot of people confuse multi-user system constraints with single-user
> > system constraints.
>
> Feeling trolled, I posit that single-user systems are quite rare and
> that a distribution should be prepared to handle a multi-user system or
> it is failing the user.
And I'm feeling weaseled. Instead of conceding that whatshisname has a
point and that you can't really deal with it, you change the situation to
one that backs your position instead.
I posit that you've accepted that Linspire/Lindows is targeted at single
user systems already, and the multi-user situation has already been excluded
from consideration. You should either come up with some better reasons,
or concede the point.
> > With TWO users, the situation changes drastically. Losing just one
> > user's data is bad, but not as bad as losing the data for BOTH users.
> > So _system_ security becomes paramount. You protect the system so
> > that a compromise of one user does not affect the other user.
>
> Exactly. So, shall we proclaim that Linspire is not a multi-user system?
> If that is the case then that is a great argument against it I think.
I'm not recommending Linspire. I'm dealing purely with the argument presented.
> > It oughtn't.
> >
> > If it does, that's a separate issue, as it's no longer a single-user
> > machine, but a server.
>
> Every host on the Internet should be capable of being a server. That is
> part of the utility of the net. Linspire users will inevitably want to
> run P2P file sharing apps at the very least. I think we have been
> arguing the wrong thing all along.
That's back to "avoid learning bad habits".
I trotted that one out first thing. Way upthread. :)
> > VMS-like or VMS-style, please. The constraint is that all changes must
> > be preserved, not just the N most recent ones.
>
> Actually, Zope Object DataBase does a pretty good job of this. All
> changes are preserved. This is one of the ways it provides atomicity.
> You do occasionally have to bite the bullet and repack the db losing
> changes though unless you have infinite disk space.
Yup. The model isn't new. It just isn't apparently implemented in a
filesystem yet.
[snip]
> > I'm plenty annoyed. I've decided to be generous and share.
>
> I have to agree with Neil that taken too far it does get annoying. I
What, having someone hold up the arguments presented to some actual
standards? Better now in a friendly forum than in public when some
charming salesweasel slices your ego to ribbons.
> think it's for Stewart to show us his cards. :) Where do you really
> stand on the issue?
I've had 'em face-up on the table the entire time, so far as I can tell.
For the constraints of the problem he's not far wrong. For now. There
are some concepts that can be put into place, perhaps, to change the
situation -- so he might be _made_ wrong.
> As an experienced Unix guy your opinion is valued.
It doesn't always seem that way.
> > Seriously, we have a 'so-and-so sucks because he says something we
> > don't agree with' and not a lot of sober analysis of the pros and cons
> > of his position. All-or-nothing reasoning is rarely reasonable, and
> > it's quite annoying.
>
> I am trying to provide sober analysis of the pros and cons.
You've done better than many, by far.
> > Where, in this thread, have I recommended installing packages in $HOME?
>
> You seemed to indicate that if you are a developer you might want to
> install things in $HOME. Having a few personal binaries that only I use
> in ~/bin seems to have utility also.
I don't recall that being in *this* thread. But yes, I generally like $HOME
being mounted w/o noexec, as that's a usability-vs-security tradeoff I'm
willing to accept. The utility of ~/bin and ~/local is quite high.
-Stewart "Stop with the pointy sticks already!" Stremler
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
