I've said it before: Linus isn't a security-minded dev

Story: 'Kill yourself now' - Torvalds throws openSUSE security tantrum
Total Replies: 20
gus3

Feb 29, 2012
9:58 PM EDT
Reading his rant, I can think of reasons why each action he complains about should be restricted to the administration role.

Changing the default timezone for the entire machine? Root only. If you want to change it for your own desktop login, set the TZ environment variable.

Connecting to a wireless network, or connecting to a networked printer (with an embedded, infectable OS, most likely)? Those are tasks for a role of system-wide trust. Root only.

And his diplomacy skills, or rather blatant lack thereof, also belie his poor judgment regarding what to say, and what not to say, to the world at large. The air around me is saturated with the Chardon, Ohio school shooting; a friend has lost his long-suffering, loyal wife; and now this rat b------ a------ Torvalds is suggesting suicide to people who have built their business on his product?

If he retires from kernel development tomorrow, I won't shed a tear.
tuxchick

Feb 29, 2012
10:25 PM EDT
What's so hard about a root password, anyway? Set up a sudo user with admin rights, like Ubuntu and Mint and Fedora and so many distros do now. Big deal.
dinotrac

Feb 29, 2012
10:58 PM EDT
Ummmm....@gus3 --

Yeah, unless you want the frickin' thing to be used.

The problem with making things hard to do that people actually need to do is that you will end up making your security worse instead of better because, well, those people need to do things and you will end up with no choice but to let them do things, even if that means surrendering the root password which...ummm.. defeats the purpose of requiring it.

As tc said, there are solutions for that problem, and sudo is one of them.
skelband

Feb 29, 2012
11:07 PM EDT
The situation on Ubuntu seems to be the best compromise that I have found.

The one curious thing is that if you log in as one user, connect to a Wifi point, then quick switch to another user, they use your connection. I would probably prefer to see some measure of isolation that is lacking in this regard.
jhansonxi

Mar 01, 2012
12:26 AM EDT
The openSUSE permissions-nagging makes it sound like Vista.
tuxchick

Mar 01, 2012
12:34 AM EDT
"Rare public spanking"? Now that's just plain funny. Rare. Yeah right :)
mbaehrlxer

Mar 01, 2012
3:49 AM EDT
one of the questions here is: who should have the system-wide trust on a single user system?

there is a large difference between a machine with an administrator and multiple users and one where there is only one user. and there is also a difference between a desktop on a fixed location and a laptop that moves around.

the privilege level for these needs to be different!

connecting to a wifi network or to a printer on a laptop needs to be done by the user. there is no-one else to do it.

and who exactly is at risk when a user does these things? the infectable printer? how does a root password protect against that? in this case it is the owner of the printer that wants the protection, so should it be the printer admin that sets up the printer on a guest's laptop? how? that person doesn't have the root password either.

if the printer owner wants protection, the only way is to disallow guests in the first place or make sure the printer isn't infectable. this is therefore irrelevant to the privilege level on the laptop. the same would apply for wifi access.

greetings, eMBee.
gus3

Mar 01, 2012
7:37 AM EDT
mbaehrlxer wrote: who exactly is at risk when a user does these things? the infectable printer? how does a root password protect against that? in this case it is the owner of the printer that wants the protection
You got it 100% backwards.

Think about the case where the printer is already infected, and is seeking out new vectors.
jdixon

Mar 01, 2012
9:08 AM EDT
> Think about the case where the printer is already infected, and is seeking out new vectors.

In that case the last thing you want is for the root user to connect to the device. It would be far safer for a non-root user to do so.
dinotrac

Mar 01, 2012
9:46 AM EDT
@jdixon --

You read what I laughingly refer to as my mind.
tuxchick

Mar 01, 2012
3:44 PM EDT
It's no safer for a non-root user, especially on a single-user system. Because you can easily replace system files, but having your data compromised is more serious.
gus3

Mar 01, 2012
4:35 PM EDT
Quoting: the last thing you want is for the root user to connect to the device. It would be far safer for a non-root user to do so.
Except that it's root's job to be on guard, on behalf of the system and its users. Has root verified the integrity of the printer? Or, if that isn't an option, has root set up firewall rules to protect against an attack initiated by the compromised printer? If not, why not?
mbaehrlxer

Mar 01, 2012
10:54 PM EDT
in a situation where an admin is not accessible (the user takes the laptop to a remote location) requiring a root password does not help at all. it only results in needing to give the root password to the user which is arguably worse than either root or the user unwittingly connecting the laptop to an infected printer.

yes, the user can lose data, but it is also possible to keep the data on an external disk or a thumbdrive which can be removed or serve as a backup. the security minded user can switch accounts to print from another account that has no data (or only read access to it).

if the root password is needed to connect the printer then the data and the whole system are at risk.

now tell me why is verifying the integrity of the printer not an option? if you own the printer surely you can make sure it is not infected. in that case there is no need to prevent users from connecting to it.

if verifying the integrity of the printer is not an option, then i doubt depending on a sysadmin to come is an option either. the home user does not have access to a sysadmin, and the business traveler is not accompanied by one either.

greetings, eMBee.
gus3

Mar 01, 2012
11:06 PM EDT
Quoting: why is verifying the integrity of the printer not an option?
Because you own neither the printer nor the network.

Because the admin for the printer and/or network is an MCSE who couldn't answer your generically-worded questions about TCP/UDP filtering on the firewall. The only kind of answer you'll get is "well, I clicked on this yellow thing, and then this grey thing, and then I clicked the Yes button..."

Because you're in a hotel that offers a printing service via SMB, but if you're dumb enough to trust that installation, there's no way in Hades that I would trust you with my root password, let alone the root privs on my laptop.
krisum

Mar 04, 2012
11:40 AM EDT
> Has root verified the integrity of the printer?

By that measure, one should require root password to use a pen/removable drive that has more chances of being infected.

This is not the approach to informed security. Surely there are workstations where removable drives are locked, or adding printers/wireless network requires admin privileges (e.g. in my workplace). This is all to be set up by an admin as required and should not be turned on by default in a distro targeting desktop usage.
Steven_Rosenber

Mar 06, 2012
2:08 PM EDT
Can't he just give the kid the root password and be done with it? Then she can admin till her heart's content.
Fettoosh

Mar 06, 2012
2:33 PM EDT
Quoting: Can't he just give the kid the root password and be done with it?

Linus doesn't give root passwords, force of habit. :-)

DrGeoffrey

Mar 06, 2012
3:53 PM EDT
Habits can be good, or they can be bad.

I want my son to learn about Linux and the reasons for a root password. How can he learn if he can't make mistakes?
Fettoosh

Mar 06, 2012
5:14 PM EDT
Quoting: How can he learn if he can't make mistakes?

Have him build and install his own. That is what I did when my son was still in middle school.
gus3

Mar 06, 2012
5:27 PM EDT
Quoting: Have him build and install his own.
Where mistakes can't cost critical data.
DrGeoffrey

Mar 06, 2012
7:09 PM EDT
Quoting: Have him build and install his own. That is what I did when my son was still in middle school.

Build his own? Thought of it. But, his current system still has a few years left in it. Install? Yep. Ubuntu, Mint, Xubuntu, and Sabayon. Thinking about having him install Arch, but I've not experimented with it either.

Quoting: Where mistakes can't cost critical data.

His system. He may be on the network, but each of our systems is fairly isolated (router enforced separation). If he loses anything, it's to his inconvenience.
