Fedora nonsense

Tue Nov 24 22:36:01 CST 2009

On Tue, Nov 24, 2009 at 3:25 PM, Jack <quiet_celt at yahoo.com> wrote:

> Wow! It's been a while since I even looked at RH. Thanks for the detailed
> breakdown. It actually sounds like a good thing the way you describe it.
> The thing that always bothers me about sudo is, once you give it a
> password, any application running under your userid can up it's privileges
> for some time to come, and also, any malicious program you accidentally run
> for several minutes after automatically can do any root thing it wants,
> because you've already supplied the password (maybe, see next paragraph).
>

Well, that's assuming your sudo setup is one allowing global root access.
In most multiuser environments sudo is much more restricted.

If sudo only allows you to restart Apache there's not much malware can do.

> I've read "stories" (BYO salt) on the web that talk about Linux machines
> getting infected by having run sudo shortly before "accidentally on purpose"
> running a Windows virus just to see if it would run, and then having it bork
> the machine. So sudo isn't all that much safer - and may be less so. I've
> actually tested running Windows viruses on my machine, well in a vm on my
> machine. Some Windows viruses actually do run, and some can actually do
> damage if you have Wine that is. I have yet to see one break out of a VM.
>

I think you're correct in taking those stories with a grain of salt.

> Although, I'll reserve judgment until I see it in action. I'd much prefer,
> to have to be asked for my password for either every install, or for every
> batch install. And especially for intsalliing anything, I didn't preselect
> or ok to add. Of course, this only keeps out the "under the radar" malware.
> Won't stop the "You should install me, I'm a kewl app!" malware.
>

This is clearly targeted at desktop environments and for newer users.  Also
keep in mind that this only worked for SIGNED packages (with installed GPG
keys) from known repositories.  In other words, core Fedora packages or
other repositories explicitly enabled.  The chicken littles that were
crowing about this didn't read the fine print.

> d) a distro that installs all you usually want, negating b) and c),
>

This new feature was in direct opposition of that.  The goal was to allow a
more lightweight distribution that adjusts as needed.

Jeffrey.

-- 

"He that would make his own liberty secure must guard even his enemy from
oppression; for if he violates this duty he establishes a precedent that
will reach to himself." -- Thomas Paine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kclug.org/pipermail/kclug/attachments/20091124/5eef7664/attachment.htm>