Mailinglist Archive: opensuse-factory (883 mails)

Re: [opensuse-factory] Security or Convenience? Defining a better policy

Hello,

On May 23 21:58 Marguerite Su wrote (excerpt):
> so in my case, the situation is: I have passwords,
> but I don't want to give it every time.

If you want to do configuration changes without a password,

- you can do configuration changes by accident (prompting for
a password would make you aware when something is no longer
within the scope of what is considered as "usual work"),

- arbitrary persons who get even short-time access to your machine
can do configuration changes when it is running unattended
(e.g. when you forget by accident to lock your screen),
i.e. arbitrary persons could hijack your machine when it is
running unattended.

I am not against such a setting, I would only like to point out
a security consequence.

If you would like to do anything without providing a password,
you could work as root.

I mean this seriously.

What would be wrong with working as root if one likes to work
with unlimited permissions on one's own machine in one's own
secure internal network?

And for exceptional cases one could even jail root with software
like AppArmor and SELinux.


Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany
HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer