Re: Root privilege (SOLVED)

To: debian-user@lists.debian.org
Subject: Re: Root privilege (SOLVED)
From: Andrei Popescu <andreimpopescu@gmail.com>
Date: Thu, 11 Jan 2007 23:06:01 +0200
Message-id: <[🔎] 20070111230601.55081cf5@think.homenet>
In-reply-to: <[🔎] 20070111190155.GI12265@turki.gavron.org>
References: <[🔎] 20070108053332.GB15852@santiago.connexer.com> <[🔎] 20070109195057.GB820@turki.gavron.org> <[🔎] 1168374065.2211.49.camel@boomerang.ran.sandia.gov> <20070109231731.GC820@turki.gavron.org> <[🔎] 20070109232805.GD820@turki.gavron.org> <[🔎] 20070109233701.GA25245@santiago.connexer.com> <[🔎] 20070110054221.GA12265@turki.gavron.org> <[🔎] lhrf74xcvc.ln2@ursa-major.ursine.ca> <[🔎] 20070110225218.GF12265@turki.gavron.org> <[🔎] 20070111100633.5206dbee@think.homenet> <[🔎] 20070111190155.GI12265@turki.gavron.org>

On Thu, 11 Jan 2007 14:01:55 -0500
cga2000 <cga2000@optonline.net> wrote:

> Well .. the malware could be the installer itself, no..?  It _is_
> software after all.  If I was up to no good that's exactly where I'd
> stick my mal-code..  only runs once .. under root, usually ..  does
> its stuff .. removes itself.. and pop goes the weasel ..
> 
> Why should install programs run with the "extreme" privileges I
> mentioned earlier when it is totally unnecessary in the first place?

Installers on linux are the exception not the rule.

> Besides, isn't this practice of switching to root whenever you
> install a program in clear violation of the first -- 2nd, 3rd .. ?
> principle of computer security .. ?? -- ie. users of a given system
> should not be granted more privileges than necessary to perform the
> tasks that fall within the scope of their position.  
>
> No reason I can think of why Joe Consultant should have read/write
> access to the company's payroll files or other confidential data when
> all he needs is permission to upgrade a couple of binaries in
> usr/bin.  

But that's exactly it. Upgrading those binaries is a potential security
problem and it should be delegated only to responsible persons.
 
> I'm not really convinced.  I'm no expert, but sudo does sound a bit
> like the "dancing dog at the circus" to me ..  For one thing, KISS is
> another fundamental principle where system security is concerned and
> in this respect, sudo does not seem to go in the right direction.

AFAICT sudo is actually plugging some of the holes mentioned in that
handbook. It has logging and you can delegate specific tasks or even
single commands to specific users or groups.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

Reply to:

Follow-Ups:
- Re: Root privilege (SOLVED)
  - From: cga2000 <cga2000@optonline.net>

References:
- Re: Root privilege (SOLVED)
  - From: "Roberto C. Sanchez" <roberto@connexer.com>
- Re: Root privilege (SOLVED)
  - From: cga2000 <cga2000@optonline.net>
- Re: Root privilege (SOLVED)
  - From: "Casey T. Deccio" <casey@deccio.net>
- Re: Root privilege (SOLVED)
  - From: cga2000 <cga2000@optonline.net>
- Re: Root privilege (SOLVED)
  - From: "Roberto C. Sanchez" <roberto@connexer.com>
- Re: Root privilege (SOLVED)
  - From: cga2000 <cga2000@optonline.net>
- Re: Root privilege (SOLVED)
  - From: Paul Johnson <baloo@ursine.ca>
- Re: Root privilege (SOLVED)
  - From: cga2000 <cga2000@optonline.net>
- Re: Root privilege (SOLVED)
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: Root privilege (SOLVED)
  - From: cga2000 <cga2000@optonline.net>

Prev by Date: Re: Why and how to blacklist soundcard or networkcard modules?
Next by Date: Re: partitioning tools for LVM
Previous by thread: Re: Root privilege (SOLVED)
Next by thread: Re: Root privilege (SOLVED)
Index(es):
- Date
- Thread