Saturday, 30 / April / 2005
[SecurityFocus] Cleanliness next to Rootliness. A few days ago, the CEO of Linspire said in an interview that the trend of forcing users not to be root on their own systems was a mistake:

I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.

This SecurityFocus article presents a series of arguments in favor of having unprivileged users, based on granting the permissions needed to run applications.

In a functioning computer system, certain critical system functions must be trusted: memory access, raw disk access, and raw access to the network. If everything runs at the same privilege level, this trust is gone. Running everything as root means that there are no limits for hostile code run on the machine.

What I honestly don't understand are the arguments for defending that everything should run with administrator privileges.

[ONLamp] What I Learned In Teaching Computer Security, Privacy, and Politics to a General Audience
- Students are dependent on reactive tools including firewalls and anti-virus software. Such tools have been well-marketed, but they can only do so much. That is, the "bigger point" is missed --numerous security holes in software are unpublicized, which leads to one massive hole. The message that I sent to the class was clear: the first line of defense is to protect yourself and your systems (be proactive as possible). Funny, I still receive assignments that mention relying on firewalls and anti-virus software to protect their systems.
- Few have knowledge about open source software, and alternatives to popular software packages. It is important to discuss the software life-cycle development process early in the semester because it will provide students insights on where a lot of the problems come from. One of the first comments from students that struck me was that many have never heard of open source software, nor have they heard of alternatives to popular software packages such as GIMP, GAIM, and yes, even Firefox. As much as the technical community read and speak about OSS, the general public still don't understand it.

© Copyright 2003-2005 Xavier Caballe. Unless expressly stated otherwise, the material published on this weblog is distributed under the Creative Commons license. The content is the sole and exclusive responsibility of its author and has no relation to his professional activities.