for everyone who's sick of sudo read this

Stephen R Laniel steve at laniels.org
Wed Jun 29 23:16:19 UTC 2005


On Thu, Jun 30, 2005 at 11:04:31AM +1200, Stephen Ward wrote:
> Basically, if you have permission to become root you should know what
> you are doing so you should have full access.  The control is to not
> allow people to become root if they can't be trusted.

Incorrect. You introduce security wherever you can. You make
sure that your programming languages enforce data hiding,
for instance, so that objects can't be put into an
inconsistent state by a programming mistake. (C does not do
this by default.) You keep your programs in their own memory
spaces so that a crash in one program doesn't take the whole
system down. (Mac OS 9 did not do this -- cooperative memory
management theoretically performed better than Windows,
because the OS didn't need to expend resources keeping
things separate.) It's why you use compilers in the first
place.

You *never* assume that anyone is infallible. People make
mistakes, and your system should be resilient against as
many of those mistakes as possible. In particular, one
way to do this is to make sure that your system files
don't have any syntax errors in them. (Which is why,
incidentally, I've thought for a while that Linux system
files should use a common format with a rigid syntax --
something like a DTD or an XML Schema -- so that before
you save any of your config files, the system can check
whether you made any typing mistakes.)

Plus, if you make it easy to hose your system with the
sudoers file, you give people another excuse to avoid using
sudo altogether -- which is even worse.

We're moving into an era when Linux will be used --
hopefully -- by lots of people who don't have sysadmin
backgrounds. So for one thing we want to give as few
programs root privileges as possible, and for another we
want to insure against errors by people when they *do*
become root.

-- 
Stephen R. Laniel
steve at laniels.org
+(617) 308-5571
http://laniels.org/
PGP key: http://laniels.org/slaniel.key
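The post argues that a system should refuse to save a config file with a typing mistake in it rather than trust that whoever became root is infallible. The following added example (mine, not code from the post or from Ubuntu) shows that pattern in Python: a rigid schema for a constructed key=value format, a validator that reports every bad line, and an installer that only lets the file reach its final path, atomically, when the check passes. The SCHEMA keys, the sample GOOD and BAD files and the file name app.conf are all constructed for the example.

```python
"""Validate-then-install for a config file: the text only reaches its
destination if it passes a rigid schema check, and it lands atomically.
Added example; the key=value format and schema below are constructed."""
import os
import re
import tempfile

# Constructed schema: the only keys permitted and how each value is checked.
SCHEMA = {
    "listen_port": lambda v: v.isdigit() and 1 <= int(v) <= 65535,
    "log_level": lambda v: v in {"debug", "info", "warn", "error"},
    "allow_root_login": lambda v: v in {"yes", "no"},
}

# One "key = value" setting per line; '#' starts a comment.
LINE_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(\S+)\s*$")

# Constructed sample inputs: a clean file and one with three typing mistakes.
GOOD = "listen_port = 8080\nlog_level = info\nallow_root_login = no\n"
BAD = "listen_port = 99999\nlog_levl = info\njust garbage here\n"


def validate(text):
    """Return a list of (line_number, message) errors; empty means valid."""
    errors = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue  # blank or comment-only line
        m = LINE_RE.match(line)
        if not m:
            errors.append((n, "not a 'key = value' line"))
            continue
        key, value = m.groups()
        check = SCHEMA.get(key)
        if check is None:
            errors.append((n, f"unknown key {key!r}"))
        elif not check(value):
            errors.append((n, f"bad value {value!r} for {key}"))
    return errors


def install_checked(text, dest):
    """Write text to dest only if it validates. Returns the error list
    (empty on success). The write goes to a temp file in the same
    directory and is renamed into place, so a crash mid-write or a
    rejected file never leaves dest half-written."""
    errors = validate(text)
    if errors:
        return errors
    dirname = os.path.dirname(os.path.abspath(dest))
    fd, tmp = tempfile.mkstemp(prefix=".tmp-", dir=dirname)
    try:
        with os.fdopen(fd, "w") as f:
            f.write(text)
            f.flush()
            os.fsync(f.fileno())
        os.chmod(tmp, 0o640)
        os.replace(tmp, dest)  # atomic on POSIX
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return []


def demo():
    """Install GOOD, then try BAD on top of it; returns
    (good_errors, bad_errors, final_contents). The bad file is refused
    and the previously installed good file survives untouched."""
    dest = os.path.join(tempfile.mkdtemp(), "app.conf")
    good_errors = install_checked(GOOD, dest)
    bad_errors = install_checked(BAD, dest)
    with open(dest) as f:
        final = f.read()
    return good_errors, bad_errors, final


if __name__ == "__main__":
    g, b, final = demo()
    print("good file errors:", g)
    for n, msg in b:
        print(f"bad file line {n}: {msg}")
    print("installed contents unchanged:", final == GOOD)
```

For sudoers itself the equivalent check already exists: `visudo -c -f FILE` parses a candidate file and reports syntax errors without installing it, and `visudo` refuses to save a file that does not parse. Keeping site-specific rules in separate `/etc/sudoers.d/` drop-ins also limits how much a single bad edit can break.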