Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there's cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
Permalink for comment 509098
To read all comments associated with this story, please click here.
Linus does not understand security
by moondevil on Thu 1st Mar 2012 07:23 UTC
moondevil
Member since:
2005-07-08

Linus might be a very competent person, and he has achieve things in life I can only dream of, but he just does not understand security.

The examples he refers to can all be a potencial security exploit, hence the requirement to not allow the normal user account to do those tasks.

Deconstructing his examples:

Adding a printer
Might require access to another driver besides the default one. Which if not installed, will need to be installed thus opening a security exploit, depending on the source of the driver binary.


Attaching to a new wireless network
It exposes the computer to a another network. Depending on the wireless security settings, another exploit vector might now be open to the world.

Changing system time
Many OS services/daemons depend on the current time and take decisions based on time. Every time you change system time, it might have unexpected consequences on system behavior.

Reply Score: 2