[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Excessive root usage in Debian

Bjoern Brill <brill@samson.math.uni-frankfurt.de> writes:

> > I don't understand why that would be more secure than giving them root
> > access. Even giving them access to /etc/vimrc would be a security loophole
> > if root ran vim. Many - maybe most - config files let you run an arbitrary 
> > program at some point.
> > 
> There are at least three different aspects to consider:
> 1. protection against security compromises:
> For this, giving anyone but root administrative power tends to open
> security leaks. As you said, everybody who can alter config files (or
> write to raw devices to run fsck or...) can compromise the whole system.
> So everything you get are more accounts that have to be safeguarded at any
> price.

This is a logically silly point, since with our existing system this
people have to be given full root access anyway.  How is giving them
access to a particular user or group less secure, given that the worst 
that could happen is that they could obtain the same access that they
must have now?

John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
  Remote from Kansas

Reply to: