Linux security

[William Grant]

On Sat, 2006-04-29 at 09:24 +0800, Michael T. Richter wrote:
> On Fri, 2006-28-04 at 23:03 +0100, Daniel Carrera wrote: 
> > Daniel: Linux is more secure than Windows.
> > MS guy: Why?
> > Daniel: It has better separation of priviledge (sudo, chroot)
> > MS guy: But that won't protect the user's data which is what
> >          really matters.
> 
> The problem is twofold.  First you've spotted the issue of user data
> (which is all that users care about).  Second, if the MS guy actually
> knows the platform, he's going to call bullshit on the separation of
> privilege as well.
> 
> I can go right down into the nitty-gritties, in Windows (NT+), and say
> "this file is only readable to this one user, only executable by this
> one other user, can be write-appended (but not read) by this group of
> users and can be read/write accessed by this other group over here".
> Nothing in sudo/chroot/et al gives me anywhere near that level of
> security control unless I include an add-on that's subverted by half
> the utilities out there. 

Hmm. I could have sworn that I used such things on my Linux server
constantly. Or am I imagining getfacl and setfacl?

> > MS guy: What really matters is user data, and separation of priviledge
> >          won't protect that.
> > Daniel: Actually, user data is not what matters most becasue ...
> 
> User data is all that matters.  You just have to expand the horizons
> of an average user to include other users.  It is a conceit of
> software geeks that the system is what matters.  The system don't
> matter a damn except insofar as flaws in the system can impact user
> data.  Any other view is, frankly, idiotic.
> 
> --
> Michael T. Richter

William. 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060429/e7a2d7cd/attachment.sig>