Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there are cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
RE: Comment by Gone fishing
by dnebdal on Wed 29th Feb 2012 14:28 UTC in reply to "Comment by Gone fishing"

Kerberos tickets (and possibly some other forms of authentication and crypto) are time-dependent. Roughly speaking, the two sides encrypt their timestamps, and the opposite end only accepts if the time is reasonably close to its own. I don't know if being able to change the time on at least one end would allow any interesting attacks, but it sounds vaguely plausible?

(The typical place to run into this is weird login issues if your local time is horribly wrong.)

Edited 2012-02-29 14:29 UTC

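The timestamp check described in the comment above, sketched as an added example (not part of the original comment and not code from any Kerberos implementation). It assumes HMAC-SHA256 as a stand-in for Kerberos' encryption of the authenticator and a 300-second window, which is the default `clockskew` in MIT Kerberos; all function, class and principal names are hypothetical.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 300  # seconds; assumption: same value as MIT Kerberos' default clockskew


def make_authenticator(session_key: bytes, principal: str, client_time: float) -> bytes:
    """Client side: bind the client's clock reading (microseconds) to its name."""
    body = struct.pack(">Q", int(client_time * 1_000_000)) + principal.encode()
    # HMAC stands in for "encrypt the timestamp under the session key".
    return hmac.new(session_key, body, hashlib.sha256).digest() + body


class Verifier:
    """Server side: integrity check, clock-skew window, then replay cache."""

    def __init__(self, session_key: bytes, max_skew: int = MAX_SKEW):
        self.session_key = session_key
        self.max_skew = max_skew
        self.seen = {}  # (principal, timestamp_us) -> server time when accepted

    def verify(self, blob: bytes, server_time: float) -> str:
        if len(blob) < 40:  # 32-byte tag + 8-byte timestamp at minimum
            return "bad-integrity"
        tag, body = blob[:32], blob[32:]
        expected = hmac.new(self.session_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-integrity"
        ts_us = struct.unpack(">Q", body[:8])[0]
        principal = body[8:].decode()
        # The server only accepts a timestamp reasonably close to its own clock.
        if abs(server_time - ts_us / 1_000_000) > self.max_skew:
            return "clock-skew-too-great"
        # Inside the window, the same authenticator must not be accepted twice.
        self.seen = {k: t for k, t in self.seen.items()
                     if server_time - t <= 2 * self.max_skew}
        if (principal, ts_us) in self.seen:
            return "replay"
        self.seen[(principal, ts_us)] = server_time
        return "ok"


if __name__ == "__main__":
    key = b"k" * 32                 # constructed session key
    now = 1_330_525_680.0           # constructed server clock reading
    server = Verifier(key)
    good = make_authenticator(key, "alice@EXAMPLE.COM", now - 2)
    late = make_authenticator(key, "alice@EXAMPLE.COM", now - 3600)  # client clock 1 h off
    print(server.verify(good, now), server.verify(good, now), server.verify(late, now))
```

The third result is the "weird login issue" case: the credentials are valid, but the client's clock is an hour off, so the server rejects the request on skew alone.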