Re: Wonderful Windows Zaps Banks/Transport/Media after "Update" Yesterday

Liste des GroupesRevenir à col misc 
Sujet : Re: Wonderful Windows Zaps Banks/Transport/Media after "Update" Yesterday
De : lars (at) *nospam* beagle-ears.com (Lars Poulsen)
Groupes : comp.os.linux.misc
Date : 31. Jul 2024, 15:49:41
Autres entêtes
Organisation : AfarCommunications Inc
Message-ID : <v8diu6$1kbog$1@dont-email.me>
References : 1 2 3 4 5 6 7 8
User-Agent : Mozilla Thunderbird
On 7/31/2024 3:17 AM, The Natural Philosopher wrote:
On 31/07/2024 10:23, Richard Kettlewell wrote:
The Natural Philosopher <tnp@invalid.invalid> writes:
But who tuns a true multiuser system these days especially one where
users can do simple admin?
>
Even disregarding hobbyists, more than zero but I expect the number is
indeed rather small.
Not sure what you mean by "hobbyist". To me, a "linux hobbyist" is someone like me, who deliberately runs a system at home that is more complex and "professional" than necessary, to keep alive some skills acquired decades ago when we managed a Unix system used by our department.
But I also use those skills in the small company that still writes me a paycheck in my semi-retirement.

There’s a few points here:
>
* You can still set a root password and use ‘su’ on Ubuntu systems if
   that’s what you want. Canonical are not enforcing a policy here, just
   setting a default.
My Linux systems are Fedora rather than Ubuntu; Fedora also promotes sudo.

* The ‘sudo instead of su’ model is common everwhere, not just Ubuntu; I
   expect the motivation for the default setup on Ubuntu is
   simplification, not any theories about who can remember how many
   passwords.
>
* Trusting sudo to enforce the a tailored access model is somewhat
   optimistic given its CVE record, and the general record of the setuid
   model that underpins it.
>
* By escaping the setuid model run0 may improve on this issue, though it
   brings other kinds of complexity with it; how it balances out is
   probably a question for a few years time.
>
* In the single-user context, sudo effectively creates the model that
   your single user account has privileges equivalent to root, but that
   you must explicitly mark any privileged operation. The former is just
   acknowledging reality, the latter is a useful guard against accidents.
>
+1 to all of that.
 I use sudo if its just one thing I need to do, but if its messing with config files and restarting daemons, I use su -
Is that because you do not know about "sudo -i" ?
Note that run0 - which is built on polkit - still relies on setuid executables within polkit. I don't see them as all that different.
The grace period in sudo is a convenience. It probably does add a bit of risk. There is probably a way to turn it off --- yes: timestamp_timeout=0 in /etc/sudoers (apparently per-user)

Date Sujet#  Auteur
3 Jul 25 o 

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal