root in FC 10

Fred Silsbee fredsilsbee at yahoo.com
Sat Dec 6 17:45:21 UTC 2008 



--- On Sat, 12/6/08, Robert L Cochran <cochranb at speakeasy.net> wrote:

> From: Robert L Cochran <cochranb at speakeasy.net>
> Subject: Re: root in FC 10
> To: "Community assistance, encouragement, and advice for using Fedora." <fedora-list at redhat.com>
> Date: Saturday, December 6, 2008, 5:22 PM
> I'm please Fedora 10 ships with graphical root logins
> disabled by
> default. It is an excellent security step. I have a test
> system set up
> downstairs that I have been using quite a bit. For the
> first time I'm
> using SELinux in full enforcing mode and I'm not seeing
> terrible
> problems (at least not yet!)
> 
> If one also encrypts the hard drive, I think it is probably
> much safer
> and more secure to do ordinary things that save a lot of
> time like
> paying bills online.
> 
> Bob
> 
> 
> 
> Mikkel L. Ellertson wrote:
> > Fred Silsbee wrote:
> >   
> >> You don't see it do you! What you are
> proposing would take a
> >> massive intricate system to protect people from
> themselves. SELINUX
> >> is already a super mess duplicating controls
> already in place and
> >> adding to the CPU burden.
> >>
> >>     
> > One thing you seem to be missing - this is not only to
> protect new
> > user from doing something stupid before they learn,
> but also to
> > protect the rest of us from stupid mistakes by others.
> Or would you
> > like to see botnets of Linux machines to go with the
> Windows ones?
> >
> > I can just picture a newbee running as root, and
> running an older
> > version of their web browser that has a known exploit,
> and getting
> > something nasty installed.
> >
> > With the profit that can be made from compromised
> systems, it would
> > be irresponsible to ship systems with insecure default
> settings.
> > After all, we do not want to see Linux systems that
> are as insecure
> > as Windows systems are by default. Running as root all
> the tine
> > defeats most of the security of a Linux system.
> >
> > Mikkel
> >   
> 
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe:
> https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines:
> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

no sale! not at all!

Robert be careful...seriously...the irritable "top posting troll" is watching

he can't get a date and is looking for revenge

More information about the fedora-list mailing list