Text 2427, 136 rader
Skriven 2005-03-30 10:30:00 av MARTIN ATKINS (1:123/140)
     Kommentar till en text av ROSS CASSELL
Ärende: rooted
==============
-=> ROSS CASSELL wrote to MARTIN ATKINS <=-

RC> Hello MARTIN!

RC> 28 Mar 05 23:40, you wrote to ALL:

CA>> Why not move this to the LINUX echo where you can explain to
CA>> the rest of the Linux users that you alone can operate as root
CA>> 24/7 safely and have no reason to worry about doing this?

MA> Worry? No i don't worry. What i said is that if something goes wrong
MA> i learn by it. But what you have said is that i am a danger to others
MA> on the internet. So far you have indulged in wild speculation about
MA> what could happen but produced little factual information by the way
MA> of how it can happen.

RC> Having not seen the entire thread..

Bellow is an exact transcript of how the thread got started.
The unquoted text is my advice to TW.

********************************************************************

ML>user accounts aren't to protect you from other users... they are to protect
ML>machine (OS) from you _and_ to protect both from hackers on the outside...

TW> My feeling is that IF I am so stupid as to shoot myselof i nthe Foot I
TW> deserve what I get. I DO NOT WANT PROTECTION FROM MYSELF.
TW> That destroys any learning possabilities and turns Computer usage into
TW> a Mindless Game.

I operate as root all the time. I take some very simple precautions
before going on the web.

I unmount all remote file systems and unused local mounts. I filter
out spam and shove it straight into the garbage bin. I don't run
any web servers but if i did i would just fire wall them. Like
you i am the only one who uses my machines so no need for any
user accounts although i do have one but only for curiosities sake.

I am always fiddling with things that need root privileges and
like you i do not need protecting from myself. If i screw up
it is just a another lesson to be learned. If you are not hooked
up broad band 24/7 then your vulnerability is minimal and unless
you intend becoming an administrator of a multiuser multiserver
environment i would just enjoy yourself and see if you can get
Linux to do what YOU want it to do.

***********************************************************************

Note here that i am in no way being being critical of ML as he is 
giving TW sound advice, however i noticed what seemed to me a growing
irritation on behalf of TW. My advice to TW was aimed encouraging him
to explore Linux and provided he didn't run a network it was ok
for him operate as root until he got it to do what HE wanted.

TW has a Win setup that does what he wants it to do so any Linux
setup would not be critical to his overall computing needs.

RC> It is not "wise" to as a rule of thumb to do your day to day computing
RC> while logged on as root (SU'd) or as root.

Not wise yes, if you are running a network or if your linux setup
is critical to your computing needs. In my case i consider
my setup to be a development machine so i am constantly pulling
it down and rebuilding it. If my machine became compromised then
it would be another area to be explored and if not reported by
others using Linux i would report the exploit and invite comment
by those that use open source software. My setup is doing what
i want it to do but it may not be appropriate for others to operate
the way i do.

RC> I dont know if this is what you do, but you should only use root to
RC> administer system configuration and thats it.

It is what i do but you see that i am testing for vulnerabilities
when i surf the net. This doesn't mean i don't take sensible precautions
such as filtering spam and setting up a firewall. After all you can't
discover anything about road safety by jumping out in front of speeding 
cars.
Now back to the flame war that has developed between me and Charles.

Charles suggested that by doing things the way i do that i am a menace
on the internet. According to him it's people like me that spread
viruses and Trojans around the world. I pointed out to him that it
was the abundance of ignorant Windows users that spread viruses and
Trojans and it doesn't matter whether i am root or user i can spread
nasties over the internet. I invited him to explain how root is at 
greater danger of sending virus etc.

He sent back a one line answer saying i could do it by receiving spam.

I pointed out to him in my original message to TW i was carefully to say
that all spam goes in the trash can.

This is a precaution taken by any one who is reasonably concerned by
security of their system.

Not happy with that Charles shot back that. 

"No one, not even a person as arrogant as you, can write a
perfect spam filter. Get a grip!"

I pointed out that once have my filters setup i have only ever
had one spam get through. Again i invited him to explain how i am
more liable to send Trojans and virus operating as root in a way
i can't do it as a user. He seems reluctant to address this point.

His latest idiotic assertion is and i quote.

"Sure. Once you are 'rooted' the hackers can install/modify your
system to be anything they want it to be."

Notice how Charles indulges in wild exaggerations and studiously
avoids any specifics. This is the kind of bullshit Microsoft likes
to spread about open source operating systems.

If you are interested in how the entire thread developed it can be
picked up by a message from me to Tom Walker under the topic heading.

"Win95 Harddrivacide" in the Tech echo dated 03-18-05 

Because this is a long message let me reiterate i use this system
to surf the net receive email and get the fido. It is a dial up
connect. I call it a my development machine. This year i have 
completely installed Fedora core 2 twice, Mandrake 9 five times
and Mandrake 10 three times. I invite comment on the _real_ 
exploits i open myself up to operating as root. Besides the 
usual precautions My remote machines are always isolated (turned off) 
and all unnecessary partition and disks are unmounted before 
i go on the net.

L8r. :)
 
--- MultiMail/Linux v0.46
 * Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140)