[H-GEN] Supporting Mozilla

Robert Brockway robert at timetraveller.org
Sat Oct 18 19:56:58 EDT 2003 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Sat, 18 Oct 2003, Trent WADDINGTON wrote:

> I _really_ don't understand that attitude.  If your machine is being used

It's not an attitude, it's an opinion.

> as a single user machine then what is the point of having a seperate
> account for that single user?  Sure, the user can delete things that would

On this point we must disagree.  There are many reasons to avoid running
normal user apps with superuser privs include:

- Protection accidental deletion of system files (as you mention)
- Protection against trojans taking down the entire system
- Prevention from badly behaving apps taking down the entire system
- Ability to configure tighter resource limits (more protection)
- Flexibility: Just because a system is single user now doesn't mean it
  will stay that way.

I doubt anyone who has screwed up a system by using more priviliges than
were needed to do a job and has had to spend hours recovering would be so
ready to allow new users to run as root.

> be bad for them to do so, but that's always been the case with Windows and
> no-one seems to have a problem with that.

Plenty of people had a problem with it.  Many of us ended up in unix-land
:)

> Is it because we fear what viruses or worms can do to the kernel or the
> standard linux base?  Just about any application that a user downloads and
> installs will have to be done as root anyways...

There's a big difference between trusting a vendor/distro maintainer and
trusting all software you download.

> Ultimately, what we need for single user operating systems is to protect
> the user from untrusted applications.. that's a very hard thing to do and
> a completely different kettle of fish to protecting multiple users on the
> same machine from each other (which is what unix security is all about).

I disagree.  The unix security model covers both.

Rob

-- 
Robert Brockway B.Sc. email: robert at timetraveller.org, zzbrock at uqconnect.net
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list