Re: more bugs....



On Mon, 2002-06-17 at 21:26, David Moles wrote:

    > Seth expresses a concern about security in this bug. Personally I'm
    > against this, based on the assumption that gnome is most likely to be
    > used in more large scale installations, where most users don't have root
    > access anyway. For home users is pretty easy to just use sudo from the
    > terminal.
    
    Er... I think that depends on your profile of the "home user". It
    also depends on what kind of operations you're talking about. 
    Potentially you're making people drop back to the command line to
    do all sorts of things that they'd normally do in Nautilus. As it
    stands, I can't even start a second as-root Nautilus session if I
    want to graphically manipulate files that my normal login can't
    touch -- I have to log out and log back in as root. This seems like
    the sort of thing that leads Windows users to spend all their time
    as "Administrator".
    
    That said, maybe this is a bigger and more complicated story than
    just adding a menu item. Seth's security issues w.r.t. out-of-process
    components would need to be addressed, and if you could (for instance)
    open some windows as root while opening others as yourself, figuring
    out how the different privilege-level windows should interact could
    be tricky (as would, in a different way, making it clear to the user
    what was going on if you simply forbade them from interacting).

I agree - what happened to the su-helper dialog by the way?

The problem with "home user" and "security" is that more and more home
users have (often broadband) internet connections - and this puts the
security issues in a LOT different scale. Those people dont have the
skills to take care of security and stuff either, often lack firewalls
and stuff etc. There are already very nasty cases in Windows with all
those backdoor/spyware/dialer and whatever things "normal users" might
not even have a clue they are running in the background. So it is not
just whether I move /usr/ to /tmp or drag /dev/null over /dev/hda by
accident* - it is also a wider issue, and not exactly easily solved
either. But you probably knew this already.. :-)

Tuomas

[* kids, dont try this at home]

-- 
:: :: Tuomas Kuosmanen  :: Art Director, Ximian :: ::
:: :: tigert ximian com :: www.ximian.com       :: ::




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]