root in FC 10
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Sat Dec 6 15:54:17 UTC 2008
Fred Silsbee wrote:
>
> You don't see it do you! What you are proposing would take a
> massive intricate system to protect people from themselves. SELINUX
> is already a super mess duplicating controls already in place and
> adding to the CPU burden.
>
One thing you seem to be missing - this is not only to protect new
user from doing something stupid before they learn, but also to
protect the rest of us from stupid mistakes by others. Or would you
like to see botnets of Linux machines to go with the Windows ones?
I can just picture a newbee running as root, and running an older
version of their web browser that has a known exploit, and getting
something nasty installed.
With the profit that can be made from compromised systems, it would
be irresponsible to ship systems with insecure default settings.
After all, we do not want to see Linux systems that are as insecure
as Windows systems are by default. Running as root all the tine
defeats most of the security of a Linux system.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20081206/2b354b55/attachment-0001.sig>
More information about the fedora-list
mailing list