Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux: Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there are cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
It's C vs C++ all over again
by Ninjawidget on Tue 28th Feb 2012 23:26 UTC
Ninjawidget
Member since:
2011-08-18

Anyone remember when Linus ranted about C vs C++? I'm just reminded of that rant when I read this latest one. :-)

Reply Score: 5

RE: It's C vs C++ all over again
by Rooki on Tue 28th Feb 2012 23:51 UTC in reply to "It's C vs C++ all over again"
Rooki Member since:
2011-05-12

Yeah that was good times. http://harmful.cat-v.org/software/c++/linus

Reply Score: 3

The opposite is also true...
by rklrkl on Tue 28th Feb 2012 23:51 UTC
RE: The opposite is also true...
by No it isnt on Tue 28th Feb 2012 23:58 UTC in reply to "The opposite is also true..."
No it isnt Member since:
2005-11-14

Wow, you completely do not understand the purpose of sudo or how it works. If you don't want a user to be able to use sudo, don't place the user in the sudoers list. Anyone in that list is by definition a privileged user (a sudoer), so sudo does in fact require a privileged username and password.

Reply Score: 13

Delgarde Member since:
2008-08-19

Wow, you completely do not understand the purpose of sudo or how it works. If you don't want a user to be able to use sudo, don't place the user in the sudoers list. Anyone in that list is by definition a privileged user (a sudoer), so sudo does in fact require a privileged username and password.


It's been a while since I did a clean install of either, but I believe the default configuration of both Ubuntu and Fedora is for users to "sudo anything", using their own password for authentication. Easily changed, but it *is* the default.

Reply Score: 2

flynn Member since:
2009-03-19

It's been a while since I did a clean install of either, but I believe the default configuration of both Ubuntu and Fedora is for users to "sudo anything", using their own password for authentication. Easily changed, but it *is* the default.

That's the way it should be. sudoers are special users, but they are not root, they should not know or require the root password. They should use their own password.

Reply Score: 2

AdamW Member since:
2005-07-06

Fedora's default configuration is different from Ubuntu's, we do not set up sudo out of the box. We *do* use PolicyKit for privilege escalation for some purposes, and PK is extremely powerful and flexible and can be set up so it 'works like sudo' for some operations - i.e. allows some or all 'normal users' to perform certain operations by entering their own password, not root's.

Edited 2012-02-29 02:38 UTC

Reply Score: 4

RE: The opposite is also true...
by AdamW on Wed 29th Feb 2012 02:35 UTC in reply to "The opposite is also true..."
AdamW Member since:
2005-07-06

Ubuntu's philosophy is that the first created user account *is* a privileged user. It's a perfectly reasonable philosophy that applies to most Ubuntu use cases. User accounts beyond the first get fewer privileges than the first created account, and you can downgrade the first created account also if you prefer that.

Reply Score: 4

RE: The opposite is also true...
by Soulbender on Wed 29th Feb 2012 05:07 UTC in reply to "The opposite is also true..."
Soulbender Member since:
2005-08-18

This is something Ubuntu does via its sudo system and it's 100% wrong - tasks that can significantly change your system installation should require a privileged username/password and not a normal user's!


Your understanding of sudo is 100% wrong. What security do you think having to use the root password rather than your own gives? Hint: none. They're both passwords that you have to give and neither has an inherent security advantage over the other.
This is exactly how sudo is designed to work and it means that you can delegate privileges better than if you use a single root password.

it only accepts your own (unprivileged - or at least it should be) password!


There's no such thing as an unprivileged password. There are accounts with more or less privileges.

The very first thing I do on such a broken Ubuntu system is "sudo passwd root", so that I can su to root and do my privileged stuff that way


Never work as root, use sudo or if you really think you need to continue this bad practice: sudo su -

Genius that, because Ubuntu sets a random root password and never tells you it, ho hum.


root on Ubuntu has an empty password, not a random one, and that is why you can't log in with it. Accounts with empty passwords can by default not have interactive sessions.
And no, Ubuntu does not prompt you for the root password when fsck has to be run at boot.

Edited 2012-02-29 05:19 UTC

Reply Score: 13

laffer1 Member since:
2007-11-09

This is wrong. sudo is great for desktops. However, for servers, you should never use sudo. Why? Most servers have servers such as openssh and mail running. That means someone can brute force your password remotely. If you have a root password set, then even if they get into your account, they must take the time to brute force root. Hopefully this extra time will make it possible for someone to notice the attack.

Full sudo rights on a server == full root for everyone on the internet courtesy of botnets.

Reply Score: 3

Nico57 Member since:
2006-12-18

Then just don't run services under a sudoer's account...

Reply Score: 1

bert64 Member since:
2007-04-23

Which is why authentication via SSH keys is a good idea...
Now brute force attempts will be ineffective, and you also have two factors required in order to gain elevated privileges so even if someone steals your private key they still need to do extra work (and thus increase the risk of detection) in order to get root.

Reply Score: 3

Soulbender Member since:
2005-08-18

However, for servers, you should never use sudo.


No, it's great for servers and should always be used since it enables better permission control and audit trails.

Most servers have servers such as openssh and mail running.


That's why you don't use password authentication with ssh. If you need people to use sftp with passwords you always use chroot and force the accounts to be sftponly.
Most servers do not have mail running and for those that do the email username and password are more often than not different from the system users and passwords.

Hopefully this extra time will make it possible for someone to notice the attack.


If they didn't already catch the brute force on the account I doubt they'll catch the brute force on root.

Full sudo rights on a server == full root for everyone on the internet courtesy of botnets.


100% wrong.

Reply Score: 4

laffer1 Member since:
2007-11-09

Most people set up sudo to gain full access, not to run select programs. Of course it's capable of that, but it's rarely used in the wild. Most Linux distros ship with it enabled like a root account.

I've seen people enable sshd on root accounts without using a key. Then they got owned. Every day I see brute force attempts against root on my server. It's ignorant because BSD defaults to root disabled. They also had sudo turned on.

Like any tool, sudo can be used correctly but unfortunately people don't use it this way. Just because you set up your server competently doesn't mean it's common.

As for mail servers, I wasn't talking enterprise here. No LDAP. I'm thinking web hosting, virtual private servers and small shops. Anyone using sendmail + an imap server is probably using system accounts. That's default. Some of those accounts probably have shell access, especially in a hosting scenario. You don't have to agree with me, but I've seen it. I used to work for hosting companies.

Reply Score: 2

Soulbender Member since:
2005-08-18

I've seen people enable sshd on root accounts without using a key


This is not a sudo problem and does not mean sudo is not suitable for servers. It's an admin competence issue.

Like any tool, sudo can be used correctly but unfortunately people don't use it this way. Just because you set up your server competently doesn't mean it's common.


So what? Again, this is not a problem with sudo but with incompetent/inexperienced admins. Using root password instead of sudo doesn't save you from this.

No LDAP. I'm thinking web hosting, virtual private servers and small shops


Most of those systems usually run something like sogo or iredmail and most of those mail systems do not use system accounts. I still say most mail servers do not use system accounts for mail access.

I used to work for hosting companies.

So did I.

Reply Score: 4

laffer1 Member since:
2007-11-09

You seem to misunderstand what I'm saying. I'm arguing against using sudo by default on server platforms. I don't hate sudo. In fact, I've included it in my operating system. I don't think sudo itself is the problem, but rather how people talk about it. It implies a certain type of setup and use case that most people don't realize.

There are more incompetent system administrators than competent ones. It's a fact of life.

Reply Score: 1

2 remarks...
by TomF on Tue 28th Feb 2012 23:53 UTC
TomF
Member since:
2010-01-22

I agree (up to a point):

there should be 2 levels:
- root: master of the universe
- admin: capable of common tasks that affect all users on a box and yet is not capable to make life impossible (if you get my drift)

another distro for a macbook air ? WHY... the thing is designed for Mac OS... either you buy into that deal or you don't. I don't try to feed my cat dogfood either after all.

TomUK

Reply Score: 4

RE: 2 remarks...
by broken_symlink on Tue 28th Feb 2012 23:56 UTC in reply to "2 remarks..."
broken_symlink Member since:
2005-07-06

do you say the same thing about a laptop preloaded with windows?

Reply Score: 4

RE[2]: 2 remarks...
by ndrw on Wed 29th Feb 2012 03:48 UTC in reply to "RE: 2 remarks..."
ndrw Member since:
2009-06-30

I don't exactly agree with Tom's opinion - it makes sense for me to use different OS than OSX on Mac - that's just my personal preference (I find OSX GUI, albeit smooth and flashy, rather limiting).

But then there are two points I agree with him:
- Mac was designed for OSX and OSX was designed for Mac. This is difficult to beat as the detail hardware specs are only known to Apple devs. Contrast it with a PC - an OEM may design the hardware for Windows but Windows (just like Linux) is only made for a generic PC.
- Linux and OSX both are Unix-based systems. There are simply less incentives for switching the system. In most cases the user can simply install missing apps.

Reply Score: 4

RE: 2 remarks...
by itanic on Wed 29th Feb 2012 09:54 UTC in reply to "2 remarks..."
itanic Member since:
2008-08-03


there should be 2 levels:
- root: master of the universe
- admin: capable of common tasks that affect all users on a box and yet is not capable to make life impossible (if you get my drift)


That's what groups are for. Restrict common admin tasks to members of admin groups. Don't make any accounts members of the wheel/operator/admin/etc. groups unless the people who possess them can be trusted. For kids, salespeople, accountants, etc. a regular account with no privileged group memberships should be good enough. They can su to a different account with admin group membership on the occasions where they do need to do admin tasks.

Reply Score: 4

RE[2]: 2 remarks...
by TomF on Wed 29th Feb 2012 19:51 UTC in reply to "RE: 2 remarks..."
TomF Member since:
2010-01-22

That's what groups are for. Restrict common admin tasks to members of admin groups. ....


tx! seems I still have to learn more ;) will look into this

TomUK

Reply Score: 1

RE: 2 remarks...
by ggeldenhuys on Thu 1st Mar 2012 10:52 UTC in reply to "2 remarks..."
ggeldenhuys Member since:
2006-11-13

another distro for a macbook air ? WHY... the thing is designed for Mac OS... either you buy into that deal or you don't. I don't try to feed my cat dogfood either after all.

The issue has nothing to do with hardware. The security is ALL software!

As for using a different OS on Apple hardware... I don't see any problem with that. Apple makes decent hardware, so why are we not allowed to run our own software on that decent hardware.

Look around! Most laptops are crap and made of plastic, or feel plasticky. Most have low battery life compared to Apple laptops. Also most laptop manufacturers buy into these crap low resolution widescreen monitors - because it's cheaper (thanks to all the LCD TVs). When last did you see a 1.6 ratio laptop monitor? Apple still makes those!

Reply Score: 2

Getting Tired
by tuma324 on Tue 28th Feb 2012 23:54 UTC
tuma324
Member since:
2010-04-09

Am I the only one who is getting tired with all of his rants and with the attention they get?

He may be a smart person and he might be right about what he is ranting about. I'm also grateful for Linux and Git, and I kinda feel sorry for his daughter.

However, does that give him the permission to call other people "morons" and "mentally diseased" ALL THE TIME? Worse yet, asking them to kill themselves?

I don't know but this is getting old, it causes too many issues in FOSS and people get negative and fight all the time.

Does anyone else feel the same way? *sigh* :-(

Edited 2012-02-29 00:07 UTC

Reply Score: 15

RE: Getting Tired
by Gullible Jones on Wed 29th Feb 2012 00:02 UTC in reply to "Getting Tired"
Gullible Jones Member since:
2006-05-23

Have to agree on that. His statement re Linux distros is (IMO) correct, but recommending suicide on the internets is stupid - you never know what nutcase/zealot/idiot/gossip might be listening.

Not sure that this has any impact on FOSS usage though. I mean, Steve Jobs was an epic screwball and people still bought (and continue to buy) tons of Apple shit. *whistles*

Reply Score: 4

RE[2]: Getting Tired
by jgagnon on Wed 29th Feb 2012 01:39 UTC in reply to "RE: Getting Tired"
jgagnon Member since:
2008-06-24

Some people need to lighten up and/or get up to date with slang terms. "Kill yourself now" does not mean you expect someone to actually kill themselves, just like "that's cool" does not mean "that's cold to the touch".

/sigh

This world will PC itself to death some day.

Reply Score: 10

RE[3]: Getting Tired
by tuma324 on Wed 29th Feb 2012 01:43 UTC in reply to "RE[2]: Getting Tired"
tuma324 Member since:
2010-04-09

Some people need to lighten up and/or get up to date with slang terms. "Kill yourself now" does not mean you expect someone to actually kill themselves, just like "that's cool" does not mean "that's cold to the touch".

/sigh

This world will PC itself to death some day.


Sorry but English is not my native or first language, it might not be obvious for me at first.

Reply Score: 4

RE[4]: Getting Tired
by Fergy on Wed 29th Feb 2012 05:27 UTC in reply to "RE[3]: Getting Tired"
Fergy Member since:
2006-04-10

Sorry but English is not my native or first language, it might not be obvious for me at first.

Linus Torvalds isn't a native speaker either but if you spent a little time on the internet you could pick up the slang. This is just a matter of free speech. If you don't like what or how somebody is saying something you simply don't listen (or kill yourself).
http://knowyourmeme.com/memes/go-kill-your-self

Edited 2012-02-29 05:30 UTC

Reply Score: 4

RE[4]: Getting Tired
by Savior on Wed 29th Feb 2012 08:48 UTC in reply to "RE[3]: Getting Tired"
Savior Member since:
2006-09-02

Come on, even then, obviously you understand the meaning of his words. If someone said something to the same effect in your own mother tongue, would you interpret it literally or sardonically? If the first, it's not a problem of foreign language understanding for sure.

Reply Score: 3

RE[3]: Getting Tired
by AdamW on Wed 29th Feb 2012 02:40 UTC in reply to "RE[2]: Getting Tired"
AdamW Member since:
2005-07-06

er, the alternative slang meaning of 'cool' is universally established and understood and has been for decades. I've never, ever, heard anyone suggest that 'kill yourself' has some kind of alternative slang meaning until you did, just now. It may be the case that Linus didn't mean it literally and that should be 'obvious' from tone / context, but that's a much more nuanced case than a term which clearly and simply just has two meanings that just about everyone understands.

Edited 2012-02-29 02:40 UTC

Reply Score: 5

RE[4]: Getting Tired
by jgagnon on Wed 29th Feb 2012 03:13 UTC in reply to "RE[3]: Getting Tired"
jgagnon Member since:
2008-06-24

I live in the US and where I live now and where I grew up "kill yourself now", while not universal, is a common term to anyone under 40(ish). /shrug As you said, it was obviously not intended to be taken literally.

I'm not so much supporting Linus as I am rallying against people that think nothing offensive should be said ever. The "PC" crowd. They're ruining the world's sense of humor. :p

Reply Score: 3

RE[3]: Getting Tired
by Bill Shooter of Bul on Wed 29th Feb 2012 05:32 UTC in reply to "RE[2]: Getting Tired"
Bill Shooter of Bul Member since:
2006-07-14

Not all native English speakers will pick up on that slang either. In fact most people I talk with on a daily basis will think that expression is advocating suicide.

It is most definitely not on the same level of universal understanding as "cool".

Reply Score: 5

RE[4]: Getting Tired
by Soulbender on Wed 29th Feb 2012 06:35 UTC in reply to "RE[3]: Getting Tired"
Soulbender Member since:
2005-08-18

I talk with on a daily basis will think that expression is advocating suicide.


How stupid are those people? Really? There's no way in hell any person, native speaker or not, could possibly take Linus's words as actually advocating suicide. Unless you're a complete moron. Maybe it's not a good expression, maybe some people are offended by it but that's not the point.
There's really no kind way to put this; if you think Linus is actually advocating real-life suicide you're an idiot.

Reply Score: 5

RE[5]: Getting Tired
by Bill Shooter of Bul on Wed 29th Feb 2012 13:39 UTC in reply to "RE[4]: Getting Tired"
Bill Shooter of Bul Member since:
2006-07-14

No, I wouldn't say they are stupid, any more than I would call you stupid for not understanding why. It's a difference in culture, not intelligence.

Edited 2012-02-29 13:39 UTC

Reply Score: 4

RE[6]: Getting Tired
by Soulbender on Thu 1st Mar 2012 03:44 UTC in reply to "RE[5]: Getting Tired"
Soulbender Member since:
2005-08-18

No, it is stupid. There are so many sayings in all languages of the world that are not meant to be taken literally. Should we all stop using those because the highly unlikely chance that it might encourage some moron to follow them literally?
I'd say "go fuck yourself" but that might encourage you to masturbate and we all know that makes you blind.

Reply Score: 4

RE[7]: Getting Tired
by Bill Shooter of Bul on Thu 1st Mar 2012 22:18 UTC in reply to "RE[6]: Getting Tired"
Bill Shooter of Bul Member since:
2006-07-14

Should we all stop using those because the highly unlikely chance that it might encourage some moron to follow them literally?


No, you should not be surprised when members of a different culture unfamiliar with your culture do not understand your culture. It's not a value judgement on either culture.

Reply Score: 4

RE[3]: Getting Tired
by boudewijn on Wed 29th Feb 2012 08:53 UTC in reply to "RE[2]: Getting Tired"
boudewijn Member since:
2006-03-05

That still doesn't make it right. It's wrong to call upon people to kill themselves. It's wrong to say of other people that they're braindead.

If that's PC'ing the world to death, then so be it.

It's not about needing to lighten up, it's about needing to learn basic manners.

Reply Score: 5

RE: Getting Tired
by UltraZelda64 on Wed 29th Feb 2012 08:15 UTC in reply to "Getting Tired"
UltraZelda64 Member since:
2006-12-05

"Am I the only one who is getting tired with all of his rants and with the attention they get?"

Maybe not, but I enjoy them quite a bit myself... and he raises some good points.

"However, does that give him the permission to call other people 'morons' and 'mentally diseased' ALL THE TIME."

Why not? He can say whatever the hell he wants. Whether you agree or disagree, fine, argue if you want. But there's no reason to bitch about his choice of language.

"Worse yet, asking them to kill themselves?"

I honestly doubt that he meant that in a 100% serious, non-joking way. If anyone is getting pissed because they really think he is being completely serious, maybe they need to quit jumping at conclusions or consider anger management. Chances are, you're getting mad over nothing.

"Does anyone else feel the same way?"

I only have seven more words to say: shit, piss, fuck, cunt, cocksucker, motherfucker, and tits. ;)

If that gets you mad, go smoke a bowl and relax.

Reply Score: 4

RE[2]: Getting Tired
by Kebabbert on Thu 1st Mar 2012 10:10 UTC in reply to "RE: Getting Tired"
Kebabbert Member since:
2007-07-27

Anyway, I think we all can agree that Linus Torvalds has some attitude problems. I mean, why would you call OpenBSD developers "masturbating monkeys" because they think security is important?

With a big ego such as Linus T, I doubt he would let anyone govern over his creation. I mean, if I created something, would I let someone else decide the name? Hell no.

There is no chance that "Linus T friend decided to call it Linux". With such a big ego, it was Linus T that decided to call it Linux.

As Stallman said: "I am not the one who calls GNU for Stallmanix" - implying that to name a creation after yourself requires some ego.

Reply Score: 1

RE[3]: Getting Tired
by Soulbender on Thu 1st Mar 2012 11:17 UTC in reply to "RE[2]: Getting Tired"
Soulbender Member since:
2005-08-18

As Stallman said: "I am not the one who calls GNU for Stallmanix"


He really wants to call it GNU/Linux though.

Reply Score: 2

RE[3]: Getting Tired
by UltraZelda64 on Thu 1st Mar 2012 19:23 UTC in reply to "RE[2]: Getting Tired"
UltraZelda64 Member since:
2006-12-05

"Anyway, I think we all can agree that Linus Torvalds has some attitude problems. I mean, why would you call OpenBSD developers "masturbating monkeys" because they think security is important?"

Maybe because... he has a sense of humor? What you may perceive as a threat or declaration for war may have been nothing more than a humorous stab at OpenBSD for going overboard (in his opinion; debate this all you want, but he probably realizes pure security can get in the way, and is most likely referring to that). I took it as a joke, laughed about it, forgot about it, and then moved on. Well, until you brought it up again complaining. Really... it's no big deal, despite the insanity some of you are trying to make it out to be. Bottom line: WHO CARES?!?

Reply Score: 2

RE: Getting Tired
by boudewijn on Wed 29th Feb 2012 08:51 UTC in reply to "Getting Tired"
boudewijn Member since:
2006-03-05

You're not the only one. I'm getting just as tired, especially because he's setting an example and people seem to think that it's okay to behave like that everywhere.

It's what leads to posts like this:

http://stormyscorner.com/2012/02/its-scary-to-join-an-open-source-p...

Reply Score: 4

RE: Getting Tired
by wibbit on Thu 1st Mar 2012 13:41 UTC in reply to "Getting Tired"
wibbit Member since:
2006-03-22

It's a pity, that due to his fame, and more importantly other people apparently blindly following and agreeing (or not blindly, but taking a considered view, and agreeing), and with news sites further highlighting his views, that he should be censored, and would not be allowed the same freedom as you or I.

Why is it, that I could say that, yet he can not?

Yes yes, fame, moral responsibility (and advocating shooting one's self is a bit extreme, but it's obviously meant in humour), however I don't think this is at all extreme, it is, as he said, a simple rant.

Reply Score: 1

RE: Getting Tired
by Flatland_Spider on Fri 2nd Mar 2012 19:27 UTC in reply to "Getting Tired"
Flatland_Spider Member since:
2006-09-01

You'd think he would be more well spoken at this point in his life.

Anyway, Theo's rants are better, and he was doing it when it wasn't cool. ;)

Reply Score: 1

Gullible Jones
Member since:
2006-05-23

[NB: I am not a computer security expert. Do not take my word on any of the following.]

Changing the system time probably has little security relevance these days (I think?). And for CUPS, it strikes me that authenticating as root by default might not be such a hot idea in a multi-user environment, and is a pain for a single user. So most distros' default configurations leave something wanting there. OTOH I only know of one distro (Slitaz) that requires the root password for wireless configuration.

BTW, two points that I think may be relevant to this:

1. Principle of least privilege says that too much restriction can be bad. Every task that unnecessarily demands root privileges is potentially exploitable.

2. Prompting for passwords all the time can also be bad, since a malicious application could potentially nab the password.

Of course that's kind of moot now, seeing as it's all about money and personal info these days, and the sorts who go after home users may not even need root to do their dirty work... Even so.

P.S. #2 is something Windows (theoretically) does right and popular Linux distros do wrong. Windows prompts you about admin actions every time, without requesting a password. Ubuntu, etc. prompt for the password, and then give you five minutes or so of passwordless root access without any notification. The Linux method strikes me as much more inviting for social engineering attacks.

Reply Score: 3

Flatland_Spider Member since:
2006-09-01

The five minute time out is a setting that can be changed in the sudo config. It's a convenience thing for command line users.

Yeah, OSs really need to try to sandbox the user much more than they already do. Everything still has that DOS mentality that the user should have complete control of the computer, when in reality they just need control of their profile/home dir unless they need to make a system wide change.

For instance, software should have the option of installing system wide or just for the user. If the software is going to be system wide, then authentication is asked for, and if it's user only, then the software gets installed into a programs folder.

There is support for this (PortableApps for windows and compiling from source Unix, for instance), but it's not mainstream.

Reply Score: 1

changing security manually
by stabbyjones on Wed 29th Feb 2012 00:02 UTC
stabbyjones
Member since:
2008-04-15

I've never looked into it as I don't manage Linux professionally but shouldn't there be a way of assigning users the ability to do these things?

It might not be simple but there has to be a way of assigning users/groups access to the required privileges.
Personally I've never had to look at this because I maintain my own systems so I know the root password.
But I'd have thought that that's what users and groups were for at the very least.

EDIT: (http://wiki.debian.org/SystemPrinting#Add_Printer)

and adding a printer via the Administration screen. If you get a permission error, try adding yourself to the group lpadmin. E.g. if you are user "tom":

sudo usermod -a -G lpadmin tom

Edited 2012-02-29 00:09 UTC

Reply Score: 6

RE: changing security manually
by stestagg on Wed 29th Feb 2012 00:16 UTC in reply to "changing security manually"
stestagg Member since:
2006-06-03

If you need to become root to allow yourself to not become root to configure your printer, then your distro has failed ;)

Reply Score: 6

stabbyjones Member since:
2008-04-15

Not if by default everyone is added to the lpadmin group, which is probably what Linus is complaining about.

Whether you want to allow or disallow something will require root but once deployed should be okay. You can give the users group access instead of a single user.

http://fai-project.org/

Smart admins do the customising before the user gets a hold of something. ;)

Reply Score: 3

RE: changing security manually
by Soulbender on Wed 29th Feb 2012 04:29 UTC in reply to "changing security manually"
Soulbender Member since:
2005-08-18

I've never looked into it as I don't manage Linux professionally but shouldn't there be a way of assigning users the ability to do these things?


Yes, it's called sudo. It's simple to configure sudo so that password is not required for certain tasks.

Reply Score: 3
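
Added example, not part of the thread or of any distro's tooling: a small Python audit over a constructed sudoers file that separates the blanket "sudo anything" grants argued about above from command-scoped and passwordless grants, and reports the credential-cache timeout mentioned earlier. The group names, command paths and sample file are assumptions, and only a simplified subset of sudoers syntax is parsed (no includes, no User/Host/Runas alias expansion, leading tags only).

```python
import re

# Constructed sample for illustration; not taken from any real system.
# Group names and command paths are assumptions.
SAMPLE_SUDOERS = """# constructed example sudoers
Defaults        env_reset
Defaults        timestamp_timeout=5
Cmnd_Alias      PRINTING = /usr/sbin/lpadmin, /usr/bin/cancel
Cmnd_Alias      CLOCK = /usr/bin/timedatectl set-ntp true

root            ALL=(ALL:ALL) ALL
%admin          ALL=(ALL) ALL
%family         ALL=(root) NOPASSWD: PRINTING, CLOCK
backup          ALL=(root) NOPASSWD: ALL
"""

ALIAS_RE = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS_RE = re.compile(r"^((?:[A-Z_]+:\s*)+)")
TIMEOUT_RE = re.compile(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")


def logical_lines(text):
    """Join backslash continuations, drop comments, blanks and include lines."""
    joined = re.sub(r"\\\n", " ", text)
    lines = []
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "@")):
            lines.append(line)
    return lines


def audit(text):
    """Return (rules, timeout_minutes); timeout is None when not set in the file."""
    lines = logical_lines(text)
    # First pass: collect command aliases so rules can reference them anywhere.
    aliases = {}
    for line in lines:
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    rules, timeout = [], None
    for line in lines:
        first = line.split()[0]
        if first.startswith("Defaults"):
            m = TIMEOUT_RE.search(line)
            if m:
                timeout = float(m.group(1))
            continue
        if first.endswith("_Alias"):
            continue  # aliases handled above; other alias kinds are not expanded
        m = RULE_RE.match(line)
        if not m:
            continue
        who, _host, runas, spec = m.groups()
        tags = TAGS_RE.match(spec)
        tag_text = tags.group(1) if tags else ""
        commands = []
        for item in spec[len(tag_text):].split(","):
            item = item.strip()
            commands.extend(aliases.get(item, [item]))
        rules.append({
            "who": who,
            "runas": runas or "root",  # sudoers default when no runas is given
            "nopasswd": "NOPASSWD:" in tag_text,
            "commands": commands,
            "blanket": "ALL" in commands,
        })
    return rules, timeout


def root_equivalent(rules):
    """Principals that may run any command as root: effectively root accounts."""
    out = []
    for r in rules:
        targets = re.split(r"[:,\s]+", r["runas"])
        if r["blanket"] and any(t in ("ALL", "root") for t in targets):
            out.append(r["who"])
    return sorted(out)


def passwordless(rules):
    """(principal, commands) pairs that never prompt for a password."""
    return [(r["who"], r["commands"]) for r in rules if r["nopasswd"]]


if __name__ == "__main__":
    rules, timeout = audit(SAMPLE_SUDOERS)
    print("credential cache (minutes):", timeout)
    print("root-equivalent principals:", ", ".join(root_equivalent(rules)))
    for who, cmds in passwordless(rules):
        scope = "ANY COMMAND" if "ALL" in cmds else "; ".join(cmds)
        print(f"no password for {who}: {scope}")
```

In the sample, `%family` gets exactly the mundane tasks without a prompt, while `backup` is flagged because a passwordless `ALL` makes that account root in all but name.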

Comment by shmerl
by shmerl on Wed 29th Feb 2012 00:21 UTC
shmerl
Member since:
2010-06-08

That's what sudo is for, isn't it? Just add primary computer users to sudoers list.

Reply Score: 4

RE: Comment by shmerl
by Priest on Wed 29th Feb 2012 07:20 UTC in reply to "Comment by shmerl"
Priest Member since:
2006-05-12

Having full sudo isn't much different than having root.

Reply Score: 3

RE[2]: Comment by shmerl
by dbodner on Wed 29th Feb 2012 08:55 UTC in reply to "RE: Comment by shmerl"
dbodner Member since:
2007-07-01

Luckily sudo can do far more than just give people "su" access.

Reply Score: 1

RE[2]: Comment by shmerl
by shmerl on Wed 29th Feb 2012 16:29 UTC in reply to "RE: Comment by shmerl"
shmerl Member since:
2010-06-08

The point is, you need to input your password, not root's.

Reply Score: 2

Comment by Brynet
by brynet on Wed 29th Feb 2012 00:40 UTC
brynet
Member since:
2010-03-02

Sounds like a perfect recipe for becoming a single-user operating system.

Reply Score: 3

RE: Comment by Brynet
by Delgarde on Wed 29th Feb 2012 01:01 UTC in reply to "Comment by Brynet"
Delgarde Member since:
2008-08-19

Sounds like a perfect recipe for becoming a single-user operating system.


A great many Linux systems *are* single user - indeed, if you're talking about desktop distros, almost all of them are. And on such systems, Linus is right - the default behaviour should be to annoy the user as little as possible, and with the ability to tighten security as-needed (e.g for genuine multi-user systems).

Reply Score: 2

RE[2]: Comment by Brynet
by brynet on Wed 29th Feb 2012 01:08 UTC in reply to "RE: Comment by Brynet"
brynet Member since:
2010-03-02

The recommendations of suicide from Linus were clearly misdirected.

Reply Score: 4

RE[3]: Comment by Brynet
by Fergy on Wed 29th Feb 2012 05:33 UTC in reply to "RE[2]: Comment by Brynet"
Fergy Member since:
2006-04-10

The recommendations of suicide from Linus were clearly misdirected.

What do you mean? "kill yourself"=you should be terribly ashamed of yourself.

Reply Score: 2

Time
by siki_miki on Wed 29th Feb 2012 00:44 UTC
siki_miki
Member since:
2006-01-17

Not a good example. It makes sense to have one universal "machine" time (e.g. UTC) while users could have time displayed as they wish (like per-user timezones). This needs to be supported in UIs to be presented properly. However, if the clock is off by minutes or seconds, there should be a way to tune it. For example user could initiate sync with time servers (which still can be spoofed in emulated network setup unless secure NTP is used).

For everything else he said I agree. Many things should be looser by default (for home desktops at least) like printers, wifi, etc. Network printers are good example of nonsense. Even if "secured" CUPS is there, what (in theory) prevents user from opening a network port to talk to a printer?

Microsoft also had to deal with these problems when they adopted UAC. Windows7 already has it much better toned down than Vista.

Reply Score: 2

Root
by Lorin on Wed 29th Feb 2012 01:20 UTC
Lorin
Member since:
2010-04-06

I really don't care so much about needing a root password to do things, but what I can't accept is being required to use a root password every time I do something when I have never logged off. What is so hard about entering that password once and leaving it alone until you log off or lock the desktop?

Reply Score: 2

Comment by ilovebeer
by ilovebeer on Wed 29th Feb 2012 02:28 UTC
ilovebeer
Member since:
2011-08-08

What I find humorous is that the separation of root, elevated privileges, and general users is intended to provide security. But a whole hell of a lot of systems don't use this hierarchy as intended and thus their systems' security is compromised... and they don't even realize it.

Reply Score: 2

RE: Comment by ilovebeer
by dnebdal on Wed 29th Feb 2012 14:22 UTC in reply to "Comment by ilovebeer"
dnebdal Member since:
2008-08-27

It can easily be like how overly strict password policies lead to unsafe password storage - if you make your security system too annoying, the workarounds will be worse than if you implemented a less safe but also less annoying system in the first place. And what constitutes "too annoying" shifts greatly between systems; a single-user laptop should be less finicky than a multiuser server, etc.

Reply Score: 1

Really the solution to the problem exists
by oiaohm on Wed 29th Feb 2012 03:19 UTC
oiaohm
Member since:
2009-05-30

Linus has every reason to be upset.

http://www.freedesktop.org/wiki/Software/PolicyKit is directly designed to address the issue.

For network configuration, who is allowed to change, modify or make whatever form of alteration using network-manager is defined by PolicyKit.

This is a case of distributions not providing the latest and some software needing to be updated to support the latest.

With PolicyKit, allowances are application dependent. So privilege is granted on a per-application basis to request a PolicyKit action.

PolicyKit is not a grant-all like Windows admin, where random programs can get up to admin rights.

Linus has more than enough reason to want to kill distributions over this. There is no reason to be still using old sudo methods.

Edited 2012-02-29 03:22 UTC

Reply Score: 3

I'm happy Linus has weighed in
by ndrw on Wed 29th Feb 2012 03:21 UTC
ndrw
Member since:
2009-06-30

Except for a few user-friendly distributions most Linux systems are configured as if they were all deployed on thin-clients in a bank. The problem is that small users are much more reliant on the defaults - they don't have their own teams of system administrators and their needs/environment is much more dynamic.

I would go even further and allow users to install software from official repo without root password or sudo. We still want to make sure it is the user who initiates the process but that's all. It can probably be done without a password and certainly without a root password.

Interestingly, most problems I experience don't come from major installations (these have good administrators and procedures) and not from my home installations (I simply use sudo). They all come from minor networked installations (workstations), where some self-proclaimed sysadmins have installed an ancient version of CentOS, locked it down (or rather not UNlocked) and declared the job done. We could blame these admins for sloppy work ("OMG, they don't do security updates!") but I've seen it happen in so many different places that there is clearly a mismatch between what distributors expect sysadmins to do and what they really do.

Reply Score: 3

oiaohm Member since:
2009-05-30

PolicyKit, as I mentioned before, and http://www.packagekit.org/

Now you don't need the root password to install applications. It can ask for the user's password or no password at all.

This is a simple case of distributions not providing configuration front ends for PolicyKit.

A lot of the time, if you are using sudo you should not be; more often than not this shows a defective distribution.

Having a rights control system then no way to make it simple to manage is a major defect.

Reply Score: 3

ndrw Member since:
2009-06-30

Once deployed and configured properly both sudo and policykit do the job. As a user I have no preference for any of them. Chances are that I'll get sudo before PackageKit (just because PackageKit is somewhat newish), and I'd be perfectly happy with it.

Unfortunately, if the default is to have sudo/PK disabled and there is no easy switch to enable it I'll still have to use my Linux workstation as a dumb terminal and compile everything from sources. It isn't exactly "using an OS", more like "fighting" it.

Reply Score: 2

ugghh!
by TechGeek on Wed 29th Feb 2012 04:35 UTC
TechGeek
Member since:
2006-01-14

I know most people think it's a hassle to type in the root password, but seriously, how many times do you configure printers? Or the time? There were legitimate security concerns for everything that requires root. Once you unlock these services from root, they become vehicles for malicious attacks on the system. Remember, one of the benefits of Linux is that everything runs as its own user. That means by default, all Linux boxes are multiuser whether you like it or not.

Reply Score: 4

RE: ugghh!
by ndrw on Wed 29th Feb 2012 06:25 UTC in reply to "ugghh!"
ndrw Member since:
2009-06-30

I know most people think it's a hassle to type in the root password, but seriously, how many times do you configure printers?


It's a hassle to obtain the root password, which shouldn't be required for routine stuff in the first place. In fact obtaining a root password is often impossible and the user is then left with a desktop crippled to the point of being unusable (seriously, I prefer using Windows XP with Linux inside a VM than a system like that).

Connecting a printer, mounting a filesystem, connecting to a network, installing some non-privileged apps or bugfix upgrades of privileged ones - these are all legitimate user tasks on decentralized systems (which is almost all of the current deployments), none of them should require "I own the world" type of permission.

Reply Score: 3

RE[2]: ugghh!
by oiaohm on Wed 29th Feb 2012 08:09 UTC in reply to "RE: ugghh!"
oiaohm Member since:
2009-05-30

You are not thinking this through.

You don't want viruses and malware messing with those settings.

PolicyKit is designed for this particular problem, because it approves applications to do things.

sudo becomes unworkable as soon as you try filtering to applications.

The "I own the world" type of permission is what the problem is. PolicyKit provides another set of permissions. This application is trusted to do the following. And only this app. Even if the app is trusted, it then asks the user the first time they use that app if they do wish to use its privileged options.

This is creating true security by obscurity, because the attacker has to know what application you use for a task in order not to be noticed.

Reply Score: 2

RE[3]: ugghh!
by ndrw on Wed 29th Feb 2012 08:33 UTC in reply to "RE[2]: ugghh!"
ndrw Member since:
2009-06-30

I have a problem understanding you. Can you write what's your point again?

Reading through your answer it looks as if you're disagreeing with me but then you confirm all the issues I've raised.

Is it just that you prefer PolicyKit over sudo? That's fine with me - I have no problem with PolicyKit (but then I have no problem with sudo either).

Reply Score: 2

RE[3]: ugghh!
by Soulbender on Wed 29th Feb 2012 13:18 UTC in reply to "RE[2]: ugghh!"
Soulbender Member since:
2005-08-18

This application is trusted to do the following.


How is this better than "this user is allowed to do A and B but not C"?

This is creating true security by obscurity.


Because security through obscurity is so awesome...

Reply Score: 3

RE[4]: ugghh!
by ndrw on Wed 29th Feb 2012 14:05 UTC in reply to "RE[3]: ugghh!"
ndrw Member since:
2009-06-30

How is this better than "this user is allowed to do A and B but not C"?


From a sysadmin's point of view on security? Not at all. Mind you, that's a very narrow view. Especially when you consider typical desktop installations, where "the system" can be reinstalled in an hour and all valuable data are in home directories.

From a user data security point of view - a lot. There is a big difference between user actions in e.g. synaptic and firefox. I'd like to have access to the printer setup when I explicitly ask for it (e.g. in an appropriate config dialog box) but not when I compile a program or browse the Internet.

Reply Score: 3

RE[5]: ugghh!
by Soulbender on Thu 1st Mar 2012 03:39 UTC in reply to "RE[4]: ugghh!"
Soulbender Member since:
2005-08-18

So it's not better as much as it is a different use-case.

but not when I compile a program or browse the Internet.


But is this actually how policykit is set up on any current distro? I'm pretty sure any application run in the user account has full access to all user data.
As you said, the system can be re-installed in an hour so a system compromise or failure is not as serious as that of user data loss.

Reply Score: 3

RE[6]: ugghh!
by ndrw on Thu 1st Mar 2012 06:45 UTC in reply to "RE[5]: ugghh!"
ndrw Member since:
2009-06-30

But is this actually how policykit is set up on any current distro? I'm pretty sure any application run in the user account has full access to all user data.


I'm pretty sure that's the case, indeed. I wasn't referring to available solutions, rather to the user (well, my) needs.

In a sense, whenever I unplug the LAN cable because I'm trying an application I don't trust, I'm doing just that. I'm taking away a privilege to talk to the network. Of course, network access is only one of available privileges and unplugging a cable isn't exactly a "software" solution.

As you said, the system can be re-installed in an hour so a system compromise or failure is not as serious as that of user data loss.


One thing to remember is that system security is necessary (but not sufficient) for user data security. This is where user accounts work rather well but they are too inconvenient for more fine-grained access control. No one will set up a separate user account for running a web browser because that's too much hassle (configuration, file access permissions, different home dirs etc.).

Extensions of this model (sudo, PolicyKit) allow some flexibility but they are still fairly static and are configured at the system level (by an administrator).

This is a misconception - on single-user systems the user _is_ the admin so at any time, he should be able to decide which permission he needs and which permissions he waives (just like I can unplug the LAN cable whenever I want). Think of it as Android app permissions (except that the user should be able to grant/revoke single permissions even at runtime).

Reply Score: 2

Simple solution
by dulus on Wed 29th Feb 2012 07:44 UTC
dulus
Member since:
2006-07-14

There is simple solution - always be logged as root :-D

Reply Score: 2

Not designed for his daughter.
by spiderman on Wed 29th Feb 2012 08:05 UTC
spiderman
Member since:
2008-10-23

Maybe OpenSuse is not designed for his daughter?
What about all the people who use OpenSuse on their servers? What if I have a team of web developers and admins spread across the world and every morning they change the system time because they think it's not right in their country? What if I don't want developers at the other side of the world to print crap on my printer?

Reply Score: 4

Gone fishing Member since:
2006-02-22

In Opensuse you can print and connect to a network without root. At least in Gnome (KDE?) it uses network manager by default and you don't need root. It's only if you use Yast to turn network manager off and use ifup that you need root. As Yast is a centralised management system, that is right.

Reply Score: 4

RE: Not designed for his daughter.
by ndrw on Wed 29th Feb 2012 09:17 UTC in reply to "Not designed for his daughter."
ndrw Member since:
2009-06-30

A server is quite a different story, isn't it? First of all there are no interactive sessions on the server, so the whole issue simply doesn't apply to you.

Another exception is a classic centrally controlled terminal server configuration. Here also the sysadmin is a "god".

In both cases the systems are installed and configured by qualified personnel and don't change over time. The sysadmin should be able to set up (and lock) time and printers fairly easily.

These use cases are very different from a single-user desktop or a shared workstation, which are far more dynamic and often have no sysadmin at all or are maintained collectively anyway. In these scenarios "security" is more about making it less likely to shoot yourself in the foot than about locking down the system. The traditional account-based security model (with holes in the form of suid's, sudo, policykit) kind of does the job but since it was specifically designed for large centralized rigid time-share systems from the '70s there are glitches all over the place and some important aspects of security (user data) are completely neglected.

Reply Score: 3

Soulbender Member since:
2005-08-18

What about all the people who use OpenSuse on their servers?


Servers are fundamentally different from workstations and as such different security profiles (or whatever you want to call it) would be a good idea.

What if I have a team of web developers and admins spread across the world and every morning they change the system time because they think it's not right in their country?


So what? It's a workstation. I certainly hope the people in your team who are half-across the world can change the time if needed and don't have to wait for someone in your part to wake up and do it for them.

What if I don't want developers at the other side of the world to print crap on my printer?


I don't see what root or not has to do with this. Do you give them all shell access to your workstation or something?

Reply Score: 2

Comment by Gone fishing
by Gone fishing on Wed 29th Feb 2012 08:15 UTC
Gone fishing
Member since:
2006-02-22

need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings


For wireless networking and printing I see no reason why you should have root or sudo access, but in the Linux systems I'm thinking of you don't need to. Changing the time is different: if you set the time in the past, so that the file system has files created in the future, it is going to be a problem, so you should need root or sudo.

Reply Score: 3

RE: Comment by Gone fishing
by dnebdal on Wed 29th Feb 2012 14:28 UTC in reply to "Comment by Gone fishing"
dnebdal Member since:
2008-08-27

Kerberos tickets (and possibly some other forms of authentication and crypto) are time-dependent. Roughly speaking, the two sides encrypt their timestamps, and the opposite end only accepts if the time is reasonably close to its own. I don't know if being able to change the time on at least one end would allow any interesting attacks, but it sounds vaguely plausible?

(The typical place to run into this is weird login issues if your local time is horribly wrong.)

Edited 2012-02-29 14:29 UTC

Reply Score: 2
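
The timestamp check described in the comment above, as an added example that is not part of the original thread. It is a simplified model, not the Kerberos wire format: an HMAC stands in for the encrypted authenticator, and the five-minute tolerance, the names and the sample values are assumptions made for the sketch.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 300   # seconds; assumed tolerance (five minutes is the usual Kerberos default)
TAG_LEN = 32     # length of an HMAC-SHA256 tag


def make_authenticator(session_key: bytes, principal: str, client_now: int) -> bytes:
    """Client side: bind the principal name to the client's own clock reading."""
    body = principal.encode() + b"\0" + struct.pack(">Q", client_now)
    return body + hmac.new(session_key, body, hashlib.sha256).digest()


class Verifier:
    """Service side: accept an authenticator only if it is authentic,
    close to the service's own clock, and not seen before."""

    def __init__(self, session_key: bytes, max_skew: int = MAX_SKEW):
        self.key = session_key
        self.max_skew = max_skew
        self.seen = {}  # replay cache: (principal, timestamp) -> last second it can be fresh

    def check(self, blob: bytes, server_now: int) -> str:
        if len(blob) < TAG_LEN + 9:
            return "bad-integrity"
        body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-integrity"

        principal = body[:-9].decode()
        (stamp,) = struct.unpack(">Q", body[-8:])

        # The step the comment describes: the service compares the client's
        # timestamp with its *own* clock, so either clock being wrong fails it.
        if abs(server_now - stamp) > self.max_skew:
            return "clock-skew"

        # Entries only need to be remembered while the skew check could still
        # accept them; everything older is rejected by the check above.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= server_now}
        if (principal, stamp) in self.seen:
            return "replay"
        self.seen[(principal, stamp)] = stamp + self.max_skew
        return "ok"


def demo():
    """Constructed sample values; returns the verdict for each presented blob."""
    key = b"constructed-session-key"
    t0 = 1_330_525_680                      # constructed service clock reading
    service = Verifier(key)
    good = make_authenticator(key, "alice@EXAMPLE.COM", t0 + 20)
    wrong_clock = make_authenticator(key, "alice@EXAMPLE.COM", t0 - 3600)
    tampered = good[:-1] + bytes([good[-1] ^ 1])
    return [
        service.check(good, t0),            # clocks 20 s apart
        service.check(good, t0 + 5),        # same blob presented again
        service.check(wrong_clock, t0),     # client clock an hour off
        service.check(tampered, t0),        # tag altered in transit
    ]


if __name__ == "__main__":
    print(demo())
```

The third verdict is the "weird login issues" case: the credentials are valid, but the client clock is an hour off, so the service refuses them.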

Wait... root? what root?
by pfortuny on Wed 29th Feb 2012 08:39 UTC
pfortuny
Member since:
2006-02-05

My computer (a mobile phone) uses a single password for everything.

Is that supposed to be OK or not?

I mean, which world are we living in? "root"... "root"!! "root"??? rotten.

More than one password == people will use the same everywhere.

People (THE people) are not geeks. Root means nothing to them. The point is: anything assuming two or more personalities on a (most likely) single-user device is broken by itself.

On multiuser systems: of course it makes sense to require another password for changing the wifi: are you going to let anyone disconnect the network? Or the printer?

So, it depends on the system requirements.

As ... always.

Reply Score: 1

I think it's better, tbh
by gan17 on Wed 29th Feb 2012 10:06 UTC
gan17
Member since:
2008-06-03

I don't mind needing root passwords for everything, I prefer it in fact. Maybe it's because I use a lot of BSD.

Might sound moronic to Linus, but imho it prevents Android levels of moronism.

Reply Score: 4

v Run as root!
by lucm on Wed 29th Feb 2012 11:33 UTC
RE: Run as root!
by Gone fishing on Wed 29th Feb 2012 12:47 UTC in reply to "Run as root!"
Gone fishing Member since:
2006-02-22

I have absolutely none of those problems. I just run as root all the time. Heck, root IS my user account.

and

Stop being a sissy. Every time you sudo a command, you deserve to have your man card taken away

wtf

This is the high testosterone you'll never take me alive bastards school of computing?

Seriously, using root as your account, how is that anything other than stupid? What is difficult about sudo -i if you don’t want to sudo all the time? You want to enable root, no problem, to administer the system, but to use it as your personal account?

Surely Linus's point is you should only need to use root to administer the box not to use it.

Reply Score: 2

RE[2]: Run as root!
by Soulbender on Wed 29th Feb 2012 13:14 UTC in reply to "RE: Run as root!"
Soulbender Member since:
2005-08-18

I think he's being sarcastic, what with the Windows 95 reference and all. At least I hope he is.

Reply Score: 4

RE[2]: Run as root!
by lucas_maximus on Wed 29th Feb 2012 18:40 UTC in reply to "RE: Run as root!"
lucas_maximus Member since:
2009-08-18

Relevant.

http://www.theregister.co.uk/2006/02/24/bofh_2006_episode_8/

"But aren't you afraid you'll accidentally type in some command that would crash the system?"

"No more than I'm afraid I'll accidentally say something like You're a complete fraud!"

"That's completely different."

"Yes, it's a lot easier to say something without thinking than to type it."


While humorous, it illustrates an important point.

Not running as Root is for people that can't be trusted.

If it is your own box and you decided to do something that requires root, you are just going to say "f--k it I will use sudo" .. and run the command anyway.

Super user is there for an Admin to stop stupid people killing their systems. I don't consider myself stupid.

So I run as Admin ... and I use my intelligence to defend against threats.

I am also one of the few people that have worked in a development company that didn't have a development environment ... well I did but it was also the Live environment so I like to fly by the seat of my pants.

Edited 2012-02-29 18:42 UTC

Reply Score: 2

...
by Hiev on Wed 29th Feb 2012 16:07 UTC
Hiev
Member since:
2005-09-27

Despite his way to express his opinion he hits the nail.

There is no usability in the distros, the only one that cares to work on that is GNOME and it just makes the desktop, not the distro.

Reply Score: 2

Comment by Anonymous Penguin
by Anonymous Penguin on Wed 29th Feb 2012 16:15 UTC
Anonymous Penguin
Member since:
2005-07-06

I agree. Somebody went as far, years ago, as saying that there is no reason why you shouldn't login as root: http://imperial-command.net/myths-about-root.html

There is a security paranoia among *nix users and developers, and that includes OS X as well. You are asked for your password far too often. I agree with user Gullible Jones: "Windows prompts you about admin actions every time, without requesting a password."
And yet *nix operating systems are much safer by design.

Reply Score: 2

Gullible Jones Member since:
2006-05-23

Running as root != not requiring a password for privilege elevation. Distros like Puppy that run as root all the time won't prompt you at all if something tries to install a rootkit. Windows 7 will, at least in theory.

(In practice it may not, due to holes in UAC. But it's better than nothing.)

Of course neither will protect you from a userspace keylogger that steals your passwords, and only stays hidden by virtue of not having a GUI. Sure, you could find it in top/TaskMgr, but by then it might have your PIN!

Reply Score: 2

Comment by Luminair
by Luminair on Wed 29th Feb 2012 19:11 UTC
Luminair
Member since:
2007-03-30

"please just kill yourself now. The world will be a better place"

lol

that would get me in trouble but HE'S RIGHT FUCKERS

Reply Score: 2

Has this guy gone nuts?
by jefro on Wed 29th Feb 2012 22:37 UTC
jefro
Member since:
2007-04-13

For decades, operating systems and applications have been the target of hackers because of major and minor holes in security. The most mundane holes can easily be exploited. Unless Linux wants to fix the entire OS so that it is protected at hardware level, the only solution is to secure everything.

Reply Score: 1

As usual, Linus is right
by uteck on Thu 1st Mar 2012 02:30 UTC
uteck
Member since:
2006-07-16

I ran across this issue on the corporate Linux desktop I am working on. I can't allow users full sudo to install a printer, and even setting sudo to allow domain^users access did not work since the menu item for system-config-printer includes calling gksu, so it prompts for a password anyway. So I have to replace the menu item with one that does not call gksu. I am sure I am going to run across more items like this once it gets deployed.

Reply Score: 1

Linus does not understand security
by moondevil on Thu 1st Mar 2012 07:23 UTC
moondevil
Member since:
2005-07-08

Linus might be a very competent person, and he has achieved things in life I can only dream of, but he just does not understand security.

The examples he refers to can all be a potential security exploit, hence the requirement to not allow the normal user account to do those tasks.

Deconstructing his examples:

Adding a printer
Might require access to another driver besides the default one. Which if not installed, will need to be installed thus opening a security exploit, depending on the source of the driver binary.


Attaching to a new wireless network
It exposes the computer to another network. Depending on the wireless security settings, another exploit vector might now be open to the world.

Changing system time
Many OS services/daemons depend on the current time and take decisions based on time. Every time you change system time, it might have unexpected consequences on system behavior.

Reply Score: 2

ndrw Member since:
2009-06-30

All these examples are legitimate user tasks on single-user desktops or shared workstations.

Guess what, the user _will_ do all of this (after jumping through several hoops) because he _is_ the admin. OTOH, the user _will not_ create another low privileged account for running his browser or Skype, ideally one per identity, even though that would greatly enhance his own security and privacy.

Centrally managed time-sharing systems are a different story but (1) Linus didn't talk about them, (2) they have staff who know which distribution to choose or how to change default configuration.

Reply Score: 2

Soulbender Member since:
2005-08-18

Adding a printer

There's no reason this should require me to give my password or the root password if I have already done so at least once in this session. A UAC-like popup prompt would be enough and perhaps that should only be done if a driver install is needed.


Attaching to a new wireless network

This doesn't require root privileges on any recent distro I have used so I don't know if/why OpenSUSE does. Maybe it's a Yast thing or something.
There's no real security benefit to requiring the root password for this.

Changing system time

See adding a printer.

Note that we're talking about *personal* workstations and laptops here, not corporate ones or thin clients or servers.

Edited 2012-03-01 11:25 UTC

Reply Score: 4

MrWeeble Member since:
2007-04-18


Adding a printer
Might require access to another driver besides the default one. Which if not installed, will need to be installed thus opening a security exploit, depending on the source of the driver binary.

Agreed installing software should require enhanced security; but, if the user is happy using a pre-installed driver, or a generic driver, why shouldn't he?


Attaching to a new wireless network
It exposes the computer to another network. Depending on the wireless security settings, another exploit vector might now be open to the world.

I've hit this problem before, but never with plugging in a new Ethernet cable. Since functionally they both have the same potential problems (access to a new possibly compromised network), why should one require the root password and the other not?


Changing system time
Many OS services/daemons depend on the current time and take decisions based on time. Every time you change system time, it might have unexpected consequences on system behavior.

I believe his specific query was changing the time-zone; this would not affect any services, but is a common use case for users of laptops who travel (especially in the US where I understand there are all sorts of places where crossing a county line changes from daylight saving to mean time).

Reply Score: 2

stestagg Member since:
2006-06-03

I think you're mistaking technical limitations for 'security features'. Let's look at the examples:

Adding a printer
Might require access to another driver besides the default one. Which if not installed, will need to be installed thus opening a security exploit, depending on the source of the driver binary.

-> If the driver runs in user-space, with kernel-managed access to only the specific USB port the printer is connected to, then there should be no security risk


Attaching to a new wireless network
It exposes the computer to another network. Depending on the wireless security settings, another exploit vector might now be open to the world.

-> Either make it user-land by default (in a desktop environment) OR just accept that the wireless connection isn't itself a security risk, but more a vector for attacks on existing flaws.

Changing system time
Many OS services/daemons depend on the current time and take decisions based on time. Every time you change system time, it might have unexpected consequences on system behavior.


-> Desktop users don't usually care about the system time, they care about the time that is shown to them. Let's introduce a per-user clock offset, to allow anyone to set their time to whatever they want.

The underlying OS/Crypto/Daemon systems can still use the ntp-controlled time for internal book-keeping.

Reply Score: 3

moondevil Member since:
2005-07-08

What everyone is forgetting when replying is that all your suggestions kind of require special design decisions for the single user use case.

Operating systems are however generic, and must be able to cope between being used by a single user at home, in very expensive servers in the enterprise world, and any scenario in between.

Failing to do so, we end up with Microsoft's solution, which everyone loves to hate, when there are Windows flavours, each one different, depending on the user use case.

Reply Score: 2

Add a printer with an MSI
by jefro on Thu 1st Mar 2012 20:33 UTC
jefro
Member since:
2007-04-13

You let people run printer installs with an MSI.

Reply Score: 1

Torvalds does the thing he knows best...
by ddc_ on Fri 2nd Mar 2012 21:21 UTC
ddc_
Member since:
2006-12-05

...he is trolling. While the salesmen on the road clearly don't need to enter the root password to set up printers if setting up the printers is a part of their job, limiting users' privileges in offices is a common practice these days. I worked in an office environment where this opportunity was specifically and purposely disabled.

Actually tuning the permissions and passwords on Unix-like systems is dead easy. Though Linux has PolicyKit now, it is still not all that difficult to get the user permissions right anyway. Typing the rant in Google Plus actually takes more time than tuning permissions on all the PCs in a family.

Anyway, the question of defaults is pretty straightforward: if you change the distro you shouldn't expect the defaults you are accustomed to; you should check and fix them according to your likes. Complaining about that is pretty much maroonish.

Reply Score: 1