jlc Posted February 17, 2005 Report Share Posted February 17, 2005 you proved nothing other than you executed a few commands......use it for a week and running through the ringer....then tell me how many things you had to su to root for ;) SELinux :unsure: wrong? How? You just said what I did. I took your selinux comment before as it was as easy as standard Linux DAC security. My bad if you meant it a different way. As far as use it for a week you just don't get it and I'm not going to try to explain it to that thick skull of yours. Quote Link to comment Share on other sites More sharing options...
Gowator Posted February 17, 2005 Report Share Posted February 17, 2005 ...use it for a week and running through the ringer....then tell me how many things you had to su to root for ;) ..and.. that is what the root acount is for. standards: Its a standard a non-user account exists in *nix and that it is called root. I really haven't the energy to find the original AT&T spec but I am pretty certain its in there! Even if somehow it iosn't its a defacto standard. please....who has time to screw with permissions 5 times a day, everyday? No need... just change the sticky bit... (If you need instructions then better not to do it.... ) this is the whole point, an electrical outlet is designed to be fairly safe by design but if you wanna save the hassle of plugs you can just leave bare wires hanging around... Course you can do lots of other things too but that requires more googling... p.s. this whole thread is bogus because the title suggests that root is being tied when indeed it is the apps which are being made safe. Quote Link to comment Share on other sites More sharing options...
bvc Posted February 17, 2005 Author Report Share Posted February 17, 2005 Actually, the apps are not safe. So instead of truly making them secure, they restrict root. Bad code, lazy devel. Hmmm...like I said, sounds like M$ Everyone wants the quick and easy fix. The above layout for making a user root is no diff. But it doesn't work that way in the real world, and even if it did, what is the point? If you could make a user truly root then it is just as damaging as root then how is that any more secure than just running as root? I t is not. So why jump through the hoops just to have to continue to su to root because a user can not completely be root without weeks of tweaking. So, who is stubborn here? uhhu ;) Quote Link to comment Share on other sites More sharing options...
Gowator Posted February 17, 2005 Report Share Posted February 17, 2005 Actually, the apps are not safe. So instead of truly making them secure, they restrict root. Bad code, lazy devel. Hmmm...like I said, sounds like M$ Everyone wants the quick and easy fix. The above layout for making a user root is no diff. But it doesn't work that way in the real world, and even if it did, what is the point? If you could make a user truly root then it is just as damaging as root then how is that any more secure than just running as root? I t is not. So why jump through the hoops just to have to continue to su to root because a user can not completely be root without weeks of tweaking. So, who is stubborn here? uhhu ;) <{POST_SNAPBACK}> /etc/passwd bvc:x:0:0::/home/bvc: but fundamentally you just said why.... because then this user is nealry as insecure as root. Actually since the malicious prog might presume the name is root then its slightly better. bad code/lazy devel or just safely.... They access HW directly to monitor it... its bad code to do that as root since it can crash the system. They presumably don't want reposnsility (legal or moral) for crashing your system.... If you really understand *nix its trivial to bypass.... but why would you want to.... Quote Link to comment Share on other sites More sharing options...
bvc Posted February 17, 2005 Author Report Share Posted February 17, 2005 I don't want to, and shouldn't have to, if you really understood *nix it's easy to understand Quote Link to comment Share on other sites More sharing options...
bvc Posted February 17, 2005 Author Report Share Posted February 17, 2005 what ppl fail to address is the linux cracker. why crack into a user? that is a waste of time. If it's a windozer...who cares? so if linux is cracked it is cracked as root, else why bother. so it makes no diff if you are running as user or root...you are screwed, because a linux cracker is in as root. it so obvious it amazes me that ppl attempt to argue about it. to argue or discuss, you need a valid point. which doesn't exist. Quote Link to comment Share on other sites More sharing options...
jlc Posted February 17, 2005 Report Share Posted February 17, 2005 (edited) what ppl fail to address is the linux cracker. why crack into a user? that is a waste of time. If it's a windozer...who cares? so if linux is cracked it is cracked as root, else why bother. so it makes no diff if you are running as user or root...you are screwed, because a linux cracker is in as root. it so obvious it amazes me that ppl attempt to argue about it. to argue or discuss, you need a valid point. which doesn't exist. <{POST_SNAPBACK}> The point is if you don't log in as root or a user with full sudo access, the cracker has a very hard time trying to get root. The reason to look at users first as a cracker, because many people will give full sudo rights to a user or two. When you do that, you might as well login as root. (which you shouldn't do either) You don't have a good arguemnt here and I don't get why you don't see it? You don't need to use root all the time, you don't have to give full root/sudo access to one user. From time to time you su or have strict sudo policy's for your users that don't create the chance for a cracker to even get root in the first place, that is what you are missing. If you make root extremely difficult to get, which you can on Linux, than the cracker has nothing to do but move on to the next box. Your just assuming every cracker can get root like it's an easy thing to do, it's not easy if you lock it down. You can have your cake and eat it too! Edited February 17, 2005 by cybrjackle Quote Link to comment Share on other sites More sharing options...
bvc Posted February 17, 2005 Author Report Share Posted February 17, 2005 The point is if you don't log in as root or a user with full sudo access, the cracker has a very hard time trying to get root. that's what you miss. The cracker has a hard time either way, root/user. The reason to look at users first as a cracker, because many people will give full sudo rights to a user or two. When you do that, you might as well login as root. (which you shouldn't do either) :lol: exactly!Which is why I laugh at people bragging on sudo friendlyness. It's all around a bad concept and is not necessary, and definately shouldn't be the default for a distro. you don't have to give full root/sudo access to one user.I didn't bring that into this thread. Talk to the person that did. Your just assuming every cracker can get root like it's an easy thing to doagain, I said the opposite. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.