[ale] Linux Distributions
    Jim Popovitch 
    jimpop at yahoo.com
       
    Tue May 17 23:09:35 EDT 2005
    
    
  
On Tue, 2005-05-17 at 21:43 -0400, Michael B. Trausch wrote:
> The point is that if you're running as root, you're effectively making
> it that much easier to replace binaries.  That's the point.  That's the
> security-smart reasoning behind it.  You're then bypassing any sort of
> protection that is there to help you as an SA keep it intact and reduce
> your workload later.  init, runs getty, and it's own scripts, protect
> them, and you're more secure then just running as root.
If that is it, and only it, then it is a weak reason to require a second
priviledged user account just to protect binaries.  Mount things ro, or
chattr, (something like MS System Restore), etc., but a second
credentialed account (root) seems like a more vulnerable solution and
one with a false sense of security. 
-Jim P.
    
    
More information about the Ale
mailing list