Mailinglist Archive: opensuse-factory (602 mails)

Re: [opensuse-factory] Re: [PLEASE SPEAK UP] Disabling legacy file systems by default?
On Tue, Feb 12, 2019 at 03:47:57PM +0100, Liam Proven wrote:
On 2/12/19 3:15 PM, Michal Kubecek wrote:
...which is why people end up doing crazy things like "sudo su -". And,
voilà, they have a root shell anyway, except all they needed was the
regular user's password. That's supposed to be the security improvement,
having to write "sudo su -" rather than just "su -"?

``sudo -s'' is the easier way.

Which only supports my point.

This is an example of a pragmatic improvement.

That's no improvement.

I proceeded to list 3 ways it was an improvement. Rather than address
them, you've made fun of them.

I did explain why all of them are wrong. If you call it "made fun",
perhaps they are funny.

This means that you are actually _acting out_ the "not invented here"
syndrome I was specifically addressing, you know that?

That's your perception and I have absolutely no idea how you came to
it.

Greater point missed: do you seriously think that the huge team of
skilled engineers at the biggest computer company in history missed
these points when they implemented this idea? Do you think you're
smarter than everyone at Apple?

Honestly, this is a new low from you. Are you seriously trying the
"proof by authority" trick? Well, I'm pretty sure many, perhaps even
most developers at both Apple and Canonical realize how stupid the idea
is but that doesn't stop their marketing from selling it as a great
invention (compare with SLE 12->15 jump or even openSUSE 13->42->15
detour). What I find more disturbing is that you apparently buy it.

Or did you forget that this was not an Ubuntu innovation, it was an
Apple one, which Ubuntu copied? Perhaps you were distracted by the
chance to take some cheap shots at a rival distro. Suggestion: don't do
that.

I don't care if it's Apple, Canonical or whoever. That idea being stupid
has nothing to do with who came up with it. If SUSE came up with it, it
would be just as stupid. You might have missed that I never held back
from calling stupid ideas stupid when openSUSE came up with them, both
before I became an employee and after. In fact, I'm usually more likely
to fight against stupid ideas in openSUSE as those do affect me directly.

How exactly? By forcing you to type those 5 extra characters?

If there's no root account available, you can't log in as it. This is
not a hard point to understand.

One command is enough to give me a root login shell. What extra
privileges would "logging in as it" give me? Absolutely none. What
do I need to get there? Knowledge of one password. What would I need in
a normal distribution? Knowledge of one password.

Actually, there is one difference: in the normal model, it's a password
which is only used when an administrative task is to be performed. In
the Ubuntu model, it's the regular user's password, i.e. one which is
used all the time, every time the user logs in, every time he unlocks
the screen etc.

Up to Vista, in the Win NT family, on standalone machines, it was normal
practice to log in as the administrator and use the machine that way.

(shrugs) People do a lot of stupid things. Not a reason to join them.

This was a terrible idea, but it was needed for a lot of software from
the Win9x world to work, so that's what hundreds of millions of people
were used to.

So, instead, you offer them working under an account which,
technically, is not a superuser but from a practical point of view can
do anything a superuser can? Much better...

Except that there is a regular user password which is sufficient to do
anything so that the attacker does not need the root password and can
"find out, social engineer, whatever" that one.

There is anyway. No real loss. But whereas a hacker knows the name of
the root account because it's the same on almost all Unix machines, they
don't know the username of the current owner/user.

Oh no, the "username as a second password" pseudoargument?

A more general lesson:

[1] "Those who cannot remember the past are condemned to repeat it." --
George Santayana
[2] "Those who do not understand UNIX are condemned to reinvent it,
poorly." -- Henry Spencer

I could also write a lot of completely irrelevant quotes but somehow I
don't feel like it.

To be honest, after you tried "proof by authority" and accused me of NIH
which was based just on your imagination, I lost all interest in going
on with this discussion. Enjoy your Ubuntu...

Michal Kubecek