On Tue, Feb 12, 2019 at 03:47:57PM +0100, Liam Proven wrote:
On 2/12/19 3:15 PM, Michal Kubecek wrote:
...which is why people end up doing crazy things like "sudo su -". And, voilà, they have a root shell anyway, except all they needed was the regular user's password. That's supposed to be the security improvement, having to write "sudo su -" rather than just "su -"?
``sudo -s'' is the easier way.
Which only supports my point.
This is an example of a pragmatic improvement.
That's no improvement.
I proceeded to list 3 ways it was an improvement. Rather than address them, you've made fun of them.
I did explain why all of them are wrong. If you call it "made fun", perhaps they are funny.
This means that you are actually _acting out_ the "not invented here" syndrome I was specifically addressing, you know that?
That's your perception and I have absolutely no idea how you came to it.
Greater point missed: do you seriously think that the huge team of skilled engineers at the biggest computer company in history missed these points when they implemented this idea? Do you think you're smarter than everyone at Apple?
Honestly, this is a new low from you. Are you seriously trying the "proof by authority" trick? Well, I'm pretty sure many, perhaps even most developers at both Apple and Canonical realize how stupid the idea is but that doesn't stop their marketing from selling it as a great invention (compare with SLE 12->15 jump or even openSUSE 13->42->15 detour). What I find more disturbing is that you apparently buy it.
Or did you forget that this was not an Ubuntu innovation, it was an Apple one, which Ubuntu copied? Perhaps you were distracted by the chance to take some cheap shots at a rival distro. Suggestion: don't do that.
I don't care if it's Apple, Canonical or whoever. That idea being stupid has nothing to do with who came up with it. If SUSE came up with it, it would be just as stupid. You might have missed that I never held back from calling stupid ideas stupid when openSUSE came up with them, both before I became an employee and after. In fact, I'm usually more likely to fight against stupid ideas in openSUSE as those do affect me directly.
How exactly? By forcing you to type those 5 extra characters?
If there's no root account available, you can't log in as it. This is not a hard point to understand.
One command is enough to give me a root login shell. What extra privileges would "logging in as it" give me? Absolutely none. What do I need to get there? Knowledge of one password. What would I need in a normal distribution? Knowledge of one password. Actually, there is one difference: in the normal model, it's a password which is only used when an administrative task is to be performed. In the Ubuntu model, it's the regular user's password, i.e. one which is used all the time, every time the user logs in, every time he unlocks the screen etc.
Up to Vista, in the Win NT family, on standalone machines, it was normal practice to log in as the administrator and use the machine that way.
(shrugs) People do a lot of stupid things. Not a reason to join them.
This was a terrible idea, but it was needed for a lot of software from the Win9x world to work, so that's what hundreds of millions of people were used to.
So, instead, you offer them working under an account which, technically, is not a superuser but from a practical point of view can do anything a superuser can? Much better...
Except that there is a regular user password which is sufficient to do anything so that the attacker does not need the root password and can "find out, social engineer, whatever" that one.
There is anyway. No real loss. But whereas a hacker knows the name of the root account because it's the same on almost all Unix machines, they don't know the username of the current owner/user.
Oh no, the "username as a second password" pseudoargument?
A more general lesson:
[1] "Those who cannot remember the past are condemned to repeat it." -- George Santayana
[2] "Those who do not understand UNIX are condemned to reinvent it, poorly." -- Henry Spencer
I could also write a lot of completely irrelevant quotes but somehow I don't feel like it. To be honest, after you tried "proof by authority" and accused me of NIH which was based just on your imagination, I lost all interest in going on with this discussion. Enjoy your Ubuntu...

Michal Kubecek