Linux security
William Grant
tanarrifujitsu at optusnet.com.au
Sat Apr 29 02:30:15 UTC 2006
On Sat, 2006-04-29 at 09:24 +0800, Michael T. Richter wrote:
> On Fri, 2006-28-04 at 23:03 +0100, Daniel Carrera wrote:
> > Daniel: Linux is more secure than Windows.
> > MS guy: Why?
> > Daniel: It has better separation of priviledge (sudo, chroot)
> > MS guy: But that won't protect the user's data which is what
> > really matters.
>
> The problem is twofold. First you've spotted the issue of user data
> (which is all that users care about). Second, if the MS guy actually
> knows the platform, he's going to call bullshit on the separation of
> privilege as well.
>
> I can go right down into the nitty-gritties, in Windows (NT+), and say
> "this file is only readable to this one user, only executable by this
> one other user, can be write-appended (but not read) by this group of
> users and can be read/write accessed by this other group over here".
> Nothing in sudo/chroot/et al gives me anywhere near that level of
> security control unless I include an add-on that's subverted by half
> the utilities out there.
Hmm. I could have sworn that I used such things on my Linux server
constantly. Or am I imagining getfacl and setfacl?
> > MS guy: What really matters is user data, and separation of priviledge
> > won't protect that.
> > Daniel: Actually, user data is not what matters most becasue ...
>
> User data is all that matters. You just have to expand the horizons
> of an average user to include other users. It is a conceit of
> software geeks that the system is what matters. The system don't
> matter a damn except insofar as flaws in the system can impact user
> data. Any other view is, frankly, idiotic.
>
> --
> Michael T. Richter
William.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060429/e7a2d7cd/attachment.sig>
More information about the ubuntu-users
mailing list