Re: More desktop security thoughts (was Re: GNOME privilege library)
- From: "Larry W. Virden" <lvirden cas org>
- To: desktop-devel-list gnome org
- Subject: Re: More desktop security thoughts (was Re: GNOME privilege library)
- Date: Fri, 14 Jan 2005 07:58:59 -0500 (EST)
From: Havoc Pennington <hp redhat com>
> The only time end users need the root password is when we have a
> technology bug that makes capabilities insufficiently fine-grained to
> properly say "users can do X, but not Y"
Here's a story I was told by a friend who is a consultant.
A company paid him to set up a Unix system for them to run real time
software that ran some machinery.
One day, soon after he had turned things over to them, he got a
panicy phone call saying the system no longer ran. He asked about
the symptoms, and the reply was that they could not log into the
system.
He drops by the site, and sure enough, the users could not get
into the system to get it going.
He rebooted the system into single user and took a look. Nearly all
files and file systems were missing.
He reloads the system, and then asks the owner what happened.
The owner's reply - "I don't know. Yesterday I was just cleaning up the system,
and everything seemed to be okay."
"Cleaning up the system?"
"Yes, you know - deleting the unnecessary files, etc."
"What unnecessary files?"
"Oh, there were just all sorts of files that were just cluttering up things. I was
deleting all the stuff that was unrelated to the system."
"Like what?"
"Oh, you know - the usr directory - we don't have any users on the system. The tmp
directory, and there was a really big weird file called vmunix that was taking up a lot
of disk space."
Did the above _really_ happen? Shrug. I wasn't the one telling the story.
I assume that the person telling me that it happened to him was telling me the
truth.
But, with every user having the ability to do what every they want, the ability to
do damage out of ignorance or by mistake must never be underestimated...
--
Tcl - The glue of a new generation. <URL: http://wiki.tcl.tk/ >
Larry W. Virden <mailto:lvirden cas org> <URL: http://www.purl.org/NET/lvirden/>
Even if explicitly stated to the contrary, nothing in this posting should
be construed as representing my employer's opinions.
-><-
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]