Jump to content

Should root have his/her hands tied?


bvc
 Share

Poll: should root have his/her hand tied?  

30 members have voted

  1. 1. Poll: should root have his/her hand tied?

    • yes, serious security risk should be kept from root
      5
    • no, root should be able to do anything, else root is not root
      25


Recommended Posts

you proved nothing other than you executed a few commands...

...use it for a week and running through the ringer....then tell me how many things you had to su to root for ;)

 

SELinux :unsure: wrong? How? You just said what I did.

I took your selinux comment before as it was as easy as standard Linux DAC security. My bad if you meant it a different way.

 

As far as use it for a week :wall: you just don't get it and I'm not going to try to explain it to that thick skull of yours. :cheeky:

Link to comment
Share on other sites

  • Replies 112
  • Created
  • Last Reply

Top Posters In This Topic

...use it for a week and running through the ringer....then tell me how many things you had to su to root for ;)

 

..and.. that is what the root acount is for.

 

 

standards:

Its a standard a non-user account exists in *nix and that it is called root.

 

I really haven't the energy to find the original AT&T spec but I am pretty certain its in there! Even if somehow it iosn't its a defacto standard.

 

 

please....who has time to screw with permissions 5 times a day, everyday?

No need... just change the sticky bit...

(If you need instructions then better not to do it.... )

 

this is the whole point, an electrical outlet is designed to be fairly safe by design but if you wanna save the hassle of plugs you can just leave bare wires hanging around...

 

Course you can do lots of other things too but that requires more googling...

 

 

p.s. this whole thread is bogus because the title suggests that root is being tied when indeed it is the apps which are being made safe.

Link to comment
Share on other sites

Actually, the apps are not safe. So instead of truly making them secure, they restrict root. Bad code, lazy devel. Hmmm...like I said, sounds like M$

 

Everyone wants the quick and easy fix. The above layout for making a user root is no diff. But it doesn't work that way in the real world, and even if it did, what is the point? If you could make a user truly root then it is just as damaging as root then how is that any more secure than just running as root? I t is not. So why jump through the hoops just to have to continue to su to root because a user can not completely be root without weeks of tweaking.

 

So, who is stubborn here? uhhu ;)

Link to comment
Share on other sites

Actually, the apps are not safe. So instead of truly making them secure, they restrict root. Bad code, lazy devel. Hmmm...like I said, sounds like M$

 

Everyone wants the quick and easy fix. The above layout for making a user root is no diff. But it doesn't work that way in the real world, and even if it did, what is the point? If you could make a user truly root then it is just as damaging as root then how is that any more secure than just running as root? I t is not. So why jump through the hoops just to have to continue to su to root because a user can not completely be root without weeks of tweaking.

 

So, who is stubborn here? uhhu ;)

/etc/passwd

bvc:x:0:0::/home/bvc:

but fundamentally you just said why.... because then this user is nealry as insecure as root. Actually since the malicious prog might presume the name is root then its slightly better.

 

bad code/lazy devel or just safely....

They access HW directly to monitor it... its bad code to do that as root since it can crash the system. They presumably don't want reposnsility (legal or moral) for crashing your system....

 

If you really understand *nix its trivial to bypass.... but why would you want to....

Link to comment
Share on other sites

what ppl fail to address is the linux cracker. why crack into a user? that is a waste of time. If it's a windozer...who cares? so if linux is cracked it is cracked as root, else why bother. so it makes no diff if you are running as user or root...you are screwed, because a linux cracker is in as root.

 

it so obvious it amazes me that ppl attempt to argue about it. to argue or discuss, you need a valid point. which doesn't exist.

Link to comment
Share on other sites

what ppl fail to address is the linux cracker. why crack into a user? that is a waste of time. If it's a windozer...who cares? so if linux is cracked it is cracked as root, else why bother. so it makes no diff if you are running as user or root...you are screwed, because a linux cracker is in as root.

 

it so obvious it amazes me that ppl attempt to argue about it. to argue or discuss, you need a valid point. which doesn't exist.

 

The point is if you don't log in as root or a user with full sudo access, the cracker has a very hard time trying to get root. The reason to look at users first as a cracker, because many people will give full sudo rights to a user or two. When you do that, you might as well login as root. (which you shouldn't do either)

 

You don't have a good arguemnt here and I don't get why you don't see it? You don't need to use root all the time, you don't have to give full root/sudo access to one user. From time to time you su or have strict sudo policy's for your users that don't create the chance for a cracker to even get root in the first place, that is what you are missing. If you make root extremely difficult to get, which you can on Linux, than the cracker has nothing to do but move on to the next box. Your just assuming every cracker can get root like it's an easy thing to do, it's not easy if you lock it down. You can have your cake and eat it too!

 

:beer:

Edited by cybrjackle
Link to comment
Share on other sites

The point is if you don't log in as root or a user with full sudo access, the cracker has a very hard time trying to get root.
that's what you miss. The cracker has a hard time either way, root/user.

 

The reason to look at users first as a cracker, because many people will give full sudo rights to a user or two. When you do that, you might as well login as root. (which you shouldn't do either)
:lol: exactly!

Which is why I laugh at people bragging on sudo friendlyness. It's all around a bad concept and is not necessary, and definately shouldn't be the default for a distro.

 

you don't have to give full root/sudo access to one user.
I didn't bring that into this thread. Talk to the person that did.

 

Your just assuming every cracker can get root like it's an easy thing to do
again, I said the opposite.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share


×
×
  • Create New...