Re: Root sending messages to users
Dotan Cohen <dotancohen@gmail.com>:
> 2008/6/24 s. keeling <keeling@nucleus.com>:
> > You're that machine's god. That machine's users(! you, her, and root)
> > need their god to do the right thing.
>
> When my users strap bombs to themselves and start blowing up their
Trying to think coherently, ... [How's the weather/shrapnel? :-P]
Think scenarios. What's the screen door on a house good for? It'll
keep out a not too determined paperboy. They also piss off burglars
because they're noisy to deal with. Many new homes don't bother with
screen doors.
That scenario shows opportunities for baddies ranging from paperboys
through to determined burglars (and worse). That's a lot of
territory, and that's just one port into your house.
Think about it, and you'll see it's much better to:
- login your box.
- ssh-add your key.
- ssh somebox (anybox)
somebox ~Dotan_ % su -c 'aptitude update && aptitude upgrade'
Password:
Alternatively, one day you may find that your nephew/neice, who you've
invited in and told about Linux, has cracked root and blown away your
wife's documents. How's your backup situation? What are you going to
say to her? You're that machine's god. It and they need you to do
the right thing if it's going to continue being useful.
Worst case, one day you find out you're apparently part of a botnet
and have been unwittingly contributing to the spam/malware problem.
There've been Linux based botnets.
You certainly don't have to, but you certainly should.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.
Reply to: