Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.misc > #1765
| From | Hans Georg Schaathun <hg@schaathun.net> |
|---|---|
| Newsgroups | comp.os.linux.misc |
| Subject | Re: Good Linux to start with |
| Date | 2011-07-13 12:46 +0100 |
| Organization | University of Bergen |
| Message-ID | <u5d0f8-nj.ln1@svn.schaathun.net> (permalink) |
| References | (5 earlier) <slrnj1c63t.crb.hjp-usenet2@hrunkner.hjp.at> <iv575g$p4$1@dont-email.me> <slrnj1drdp.4so.hjp-usenet2@hrunkner.hjp.at> <kpvve8-96v.ln1@svn.schaathun.net> <871uxu4kht.fsf@araminta.anjou.terraraq.org.uk> |
On Wed, 13 Jul 2011 10:07:10 +0100, Richard Kettlewell <rjk@greenend.org.uk> wrote: : You need to trust that script, even if you use su instead of sudo; all : you've done is make the path to privilege escalation a bit more : involved. Sure, /if/ you decide to run it with superuser privileges. The point was that if the script demands to be run as root, you will know, and you can read the script before you run it. If the script uses sudo internally, you will not necesarily know, so you may think that you run it in user space, whereas in fact it is allowed to jump to superuser space. If you are sufficiently careful you can reconfigure sudo, and/or run semi-trusted scripts under a separate under-privileged account. That's what I call harder. All of this will not matter if you are either (1) not at all worried about malware, or (2) so worried about malware that you would double- and treble-check everything you run under any user. For the users in-between, it is a point worth considering when making a choice of how to use sudo and su. As my personal preference, I would prefer to use sudo only for selected routine, low-risk operations, and restrict the blanket access for su. Of course, that has a major downside if you have sufficiently many sysadmins to make password distribution difficult. -- :-- Hans Georg
Back to comp.os.linux.misc | Previous | Next — Previous in thread | Next in thread | Find similar
Good Linux to start with Halberstam Reader <joe.snod@yahoo.com> - 2011-07-03 18:40 -0700
Re: Good Linux to start with John Hasler <jhasler@newsguy.com> - 2011-07-03 20:53 -0500
Re: Good Linux to start with bosco <boscopelone@yahoo.com> - 2011-07-03 21:16 -0600
Re: Good Linux to start with bruce.sinclair@NOSPAMORELSEagresearch.NOTco.NOTnz (Bruce Sinclair) - 2011-07-04 04:07 +0000
Re: Good Linux to start with Dan C <youmustbejoking@lan.invalid> - 2011-07-04 03:28 +0000
Re: Good Linux to start with Michael Black <et472@ncf.ca> - 2011-07-04 12:04 -0400
Re: Good Linux to start with Aragorn <stryder@telenet.be.invalid> - 2011-07-04 23:07 +0200
Re: Good Linux to start with David Brown <david@westcontrol.removethisbit.com> - 2011-07-04 10:15 +0200
Re: Good Linux to start with Bob Henson <rh547477@gmail.com> - 2011-07-04 10:00 +0100
Re: Good Linux to start with Torsten Mueller <dev-null@shared-files.de> - 2011-07-04 11:10 +0200
Re: Good Linux to start with Balwinder S Dheeman <bsd.SANSPAM@anu.homelinux.net> - 2011-07-04 16:11 +0530
Re: Good Linux to start with Richard Kimber <richardkimber@btinternet.com> - 2011-07-04 06:59 -0500
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-04 13:35 +0100
Re: Good Linux to start with David Brown <david@westcontrol.removethisbit.com> - 2011-07-04 15:25 +0200
Re: Good Linux to start with Mark <i@dontgetlotsofspamanymore.invalid> - 2011-07-05 11:41 +0100
Re: Good Linux to start with jmclnx@SPAMisBADgmail.com (Jack McCue) - 2011-07-04 12:50 +0000
Re: Good Linux to start with Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2011-07-04 07:47 -0700
Re: Good Linux to start with ray <ray@zianet.com> - 2011-07-04 14:50 +0000
Re: Good Linux to start with Stefan Patric <not@this.address.com> - 2011-07-04 17:23 +0000
Re: Good Linux to start with Steve Hayes <hayesstw@telkomsa.net> - 2011-07-05 07:39 +0200
Re: Good Linux to start with JohnT <john@example.com> - 2011-07-05 07:52 +0000
Re: Good Linux to start with Robert Riches <spamtrap42@jacob21819.net> - 2011-07-05 15:51 +0000
Re: Good Linux to start with Aragorn <stryder@telenet.be.invalid> - 2011-07-06 03:46 +0200
Re: Good Linux to start with "Peter J. Holzer" <hjp-usenet2@hjp.at> - 2011-07-07 22:35 +0200
Re: Good Linux to start with Aragorn <stryder@telenet.be.invalid> - 2011-07-07 23:06 +0200
Re: Good Linux to start with "Peter J. Holzer" <hjp-usenet2@hjp.at> - 2011-07-08 13:44 +0200
Re: Good Linux to start with Hans Georg Schaathun <hg@schaathun.net> - 2011-07-13 08:58 +0100
Re: Good Linux to start with Mark <i@dontgetlotsofspamanymore.invalid> - 2011-07-13 09:41 +0100
Re: Good Linux to start with Richard Kettlewell <rjk@greenend.org.uk> - 2011-07-13 10:07 +0100
Re: Good Linux to start with Hans Georg Schaathun <hg@schaathun.net> - 2011-07-13 12:46 +0100
Re: Good Linux to start with Richard Kettlewell <rjk@greenend.org.uk> - 2011-07-13 13:47 +0100
Re: Good Linux to start with Hans Georg Schaathun <hg@schaathun.net> - 2011-07-13 14:20 +0100
Re: Good Linux to start with Richard Kettlewell <rjk@greenend.org.uk> - 2011-07-13 15:26 +0100
Re: Good Linux to start with John Hasler <jhasler@newsguy.com> - 2011-07-13 07:37 -0500
Re: Good Linux to start with Hans Georg Schaathun <hg@schaathun.net> - 2011-07-13 14:16 +0100
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-13 14:35 +0100
Re: Good Linux to start with Hans Georg Schaathun <hg@schaathun.net> - 2011-07-13 15:13 +0100
Re: Good Linux to start with Richard Kettlewell <rjk@greenend.org.uk> - 2011-07-13 16:36 +0100
Re: Good Linux to start with Mark <i@dontgetlotsofspamanymore.invalid> - 2011-07-08 08:53 +0100
Re: Good Linux to start with "Peter J. Holzer" <hjp-usenet2@hjp.at> - 2011-07-08 14:09 +0200
Re: Good Linux to start with Anton Meyninger <anton.meyninger@gmail.com> - 2011-07-05 13:07 +0200
Re: Good Linux to start with Aragorn <stryder@telenet.be.invalid> - 2011-07-06 03:52 +0200
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-06 12:16 +0100
Re: Good Linux to start with Aragorn <stryder@telenet.be.invalid> - 2011-07-06 19:10 +0200
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-06 18:30 +0100
Re: Good Linux to start with Aragorn <stryder@telenet.be.invalid> - 2011-07-07 01:57 +0200
Re: Good Linux to start with Robert Riches <spamtrap42@jacob21819.net> - 2011-07-07 03:26 +0000
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-07 05:48 +0100
Re: Good Linux to start with Balwinder S Dheeman <bsd.SANSPAM@anu.homelinux.net> - 2011-07-07 11:15 +0530
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-07 07:14 +0100
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-07 05:45 +0100
Re: Good Linux to start with Richard Kettlewell <rjk@greenend.org.uk> - 2011-07-07 09:53 +0100
Re: Good Linux to start with Mark <i@dontgetlotsofspamanymore.invalid> - 2011-07-07 10:41 +0100
Re: Good Linux to start with Richard Kettlewell <rjk@greenend.org.uk> - 2011-07-07 11:32 +0100
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-07 13:49 +0100
Re: Good Linux to start with Mark <i@dontgetlotsofspamanymore.invalid> - 2011-07-07 15:01 +0100
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-07 15:16 +0100
Re: Good Linux to start with "Peter J. Holzer" <hjp-usenet2@hjp.at> - 2011-07-07 23:04 +0200
Re: Good Linux to start with Mark <i@dontgetlotsofspamanymore.invalid> - 2011-07-08 08:58 +0100
Re: Good Linux to start with "Peter J. Holzer" <hjp-usenet2@hjp.at> - 2011-07-08 14:19 +0200
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-08 13:44 +0100
Re: Good Linux to start with Mark <i@dontgetlotsofspamanymore.invalid> - 2011-07-11 09:39 +0100
Re: Good Linux to start with blmblm@myrealbox.com <blmblm.myrealbox@gmail.com> - 2011-07-10 19:02 +0000
Re: Good Linux to start with blmblm@myrealbox.com <blmblm.myrealbox@gmail.com> - 2011-07-10 19:01 +0000
Re: Good Linux to start with Robert Riches <spamtrap42@jacob21819.net> - 2011-07-07 03:16 +0000
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-07 05:47 +0100
Re: Good Linux to start with Robert Riches <spamtrap42@jacob21819.net> - 2011-07-07 05:00 +0000
Re: Good Linux to start with "Peter J. Holzer" <hjp-usenet2@hjp.at> - 2011-07-07 22:42 +0200
Re: Good Linux to start with Aragorn <stryder@telenet.be.invalid> - 2011-07-07 23:41 +0200
Re: Good Linux to start with "Peter J. Holzer" <hjp-usenet2@hjp.at> - 2011-07-08 14:07 +0200
Re: Good Linux to start with Aragorn <stryder@telenet.be.invalid> - 2011-07-09 02:05 +0200
Re: Good Linux to start with "Peter J. Holzer" <hjp-usenet2@hjp.at> - 2011-07-09 21:10 +0200
Re: Good Linux to start with Aragorn <stryder@telenet.be.invalid> - 2011-07-10 02:16 +0200
Re: Good Linux to start with Richard Kettlewell <rjk@greenend.org.uk> - 2011-07-10 10:42 +0100
Re: Good Linux to start with Aragorn <stryder@telenet.be.invalid> - 2011-07-11 05:03 +0200
Re: Good Linux to start with The Natural Philosopher <tnp@invalid.invalid> - 2011-07-11 08:23 +0100
Re: Good Linux to start with Mark <i@dontgetlotsofspamanymore.invalid> - 2011-07-11 09:52 +0100
Re: Good Linux to start with Richard Kettlewell <rjk@greenend.org.uk> - 2011-07-11 11:16 +0100
Re: Good Linux to start with Robert Riches <spamtrap42@jacob21819.net> - 2011-07-10 03:49 +0000
Re: Good Linux to start with "Peter J. Holzer" <hjp-usenet2@hjp.at> - 2011-07-11 13:56 +0200
Re: Good Linux to start with blmblm@myrealbox.com <blmblm.myrealbox@gmail.com> - 2011-07-11 22:31 +0000
Re: Good Linux to start with "Peter J. Holzer" <hjp-usenet2@hjp.at> - 2011-07-12 15:30 +0200
Re: Good Linux to start with blmblm@myrealbox.com <blmblm.myrealbox@gmail.com> - 2011-07-12 22:28 +0000
Re: Good Linux to start with Feranija <feranija@net...> - 2011-07-06 11:37 -0700
Re: Good Linux to start with TJ <TJ@noneofyour.business> - 2011-07-18 09:35 -0400
csiph-web