Linked by Thom Holwerda on Tue 28th Feb 2012 23:11 UTC
Linux Linus Torvalds on requiring the root password for mundane tasks. "So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace 'my kids' with 'sales people on the road' if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place." Yes, it's harsh (deal with it, Finns don't beat around the bush), but he's completely and utterly right. While there's cases where it makes sense to disable certain settings (public terminals, for instance), it is utterly idiotic that regular home users have to type in their root password for such mundane tasks.
Thread beginning with comment 508838
To read all comments associated with this story, please click here.
Gullible Jones
Member since:

[NB: I am not a computer security expert. Do not take my word on any of the following.]

Changing the system time probably has little security relevance these days (I think?). And for CUPS, it strikes me that authenticating as root by default might not be such a hot idea in a multi-user environment, and is a pain for a single user. So most distros' default configurations leave something wanting there. OTOH I only know of one distro (Slitaz) that requires the root password for wireless configuration.

BTW, two points that I think may be relevant to this:

1. Principle of least privilege says that too much restriction can be bad. Every task that unnecessarily demands root privileges is potentially exploitable.

2. Prompting for passwords all the time can also be bad, since a malicious application could potentially nab the password.

Of course that's kind of moot now, seeing as it's all about money and personal info these days, and the sorts who go after home users may not even need root to do their dirty work... Even so.

P.S. #2 is something Windows (theoretically) does right and popular Linux distros do wrong. Windows prompts you about admin actions every time, without requesting a password. Ubuntu, etc. prompt for the password, and then give you five minutes or so of passwordless root access without any notification. The Linux method strikes me as much more inviting for social engineering attacks.

Reply Score: 3

Flatland_Spider Member since:

The five minute time out is a setting that can be changed in the sudo config. It's a convenience thing for command line users.

Yeah, OSs really need to try to sandbox the user much more then they already to. Eveything still has that DOS mentallity that the user should have complete control of the computer, when in reality they just need control of their profile/home dir unless they need to make a system wide change.

For instace, software should have the option of installing system wide or just for the user. If the software is going to be system wide, then authentication is asked for, and if it's user only, then the software gets installed into a programs folder.

There is support for this (PortableApps for windows and compiling from source Unix, for instance), but it's not mainstream.

Reply Parent Score: 1