On Sat, 21 Mar 2009 02:58:13 -0700 Thorny <thorntreeh...@gmail.com> wrote:
...
> Naturally any of this is opinion on both sides. It isn't really possible
> for me to give data that shows something doesn't exist. And, you have
> no reason to believe me or anyone else but will you please review this
> article by Rick Moen, he makes a cogent argument.
>
> http://linuxmafia.com/~rick/faq/index.php?page=virus
>
> If after reviewing it you still think you are correct, aside from possible
> semantic differences about the definition of virus, come back and I
> suppose we can try to discuss further or agree to disagree. Otherwise, I

One serious flaw in his article is that he doesn't consider the case of users who have full passwordless sudo enabled for their normal user account (some_user ALL = NOPASSWD: ALL). I know this is not the safest, most paranoid setup, but I suspect that it's fairly common.

Moen argues that:

"Last, you say, surely sysadmins stupid enough to take dangerous actions as root must be becoming the norm instead of a rarity, given Linux's current explosive growth — thus undermining the whole security model. This, too, is true — but there are powerful forces at work to educate new sysadmins: The administrative tools, themselves, tend to stress that the root account is dangerous and should be used minimally and carefully, as does Linux's new-user documentation. Also, those sysadmins resistant to learning this message via such avenues inevitably learn it the hard way, by destroying or crippling their systems repeatedly — until they learn. In that regard, viruses do not even stand out from the general likelihood of repeatedly destroying one's system, until one learns to not do unwise things as root. The difference between "hostile" executables (such as viruses) and others is academic, when a root-account user can already shoot off his/her foot or other vital parts, with one of myriad, brief commands.
Put the other way, the same survival skills by which you, as a novice sysadmin, will cease destroying your system directly will also, more generally, dissuade you from doing unwise things as root, thereby incidentally keeping viruses and their kin off your system. Or, put a third way, the Linux community would see no real distinction between novices who (as root) infect their systems (if this should ever happen to significant numbers of them), and those who accidentally type some variation on "rm -rf /" (delete all files) while logged in as root: Both are a result of inexperience and lack of caution. In both cases, education, attention, and experience are a 100% effective cure."

But this equivalence between insecure systems and those likely to fall victim to an accidental "rm -rf /" breaks down for the above case, since accidents become much less likely, but a virus can still do whatever it wants by prefacing its actions with 'sudo'.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
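
An added example, not part of the original message or of Moen's article: a small Python audit that flags sudoers rules of the kind described above, where `ALL` is granted under `NOPASSWD`. The sample sudoers text and the function names are constructed for illustration; the parser assumes single-host-spec rules and does not expand aliases, includes, or comma-separated Runas lists.

```python
import re

# Constructed sample sudoers content (not from any real system).
SAMPLE = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
some_user ALL = NOPASSWD: ALL   # the rule quoted in the message
%admin ALL=(ALL) ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
deploy ALL=(ALL) NOPASSWD: /bin/systemctl restart app, \\
    PASSWD: ALL
ops ALL=(ALL) NOPASSWD: /usr/bin/apt, ALL
"""

SKIP = re.compile(r"^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias|@include)")
RUNAS = re.compile(r"^\s*\([^)]*\)\s*")
TAG = re.compile(r"^([A-Z_]+):\s*")

def logical_lines(text):
    """Join backslash-continued lines, strip comments, skip non-rule lines."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = re.sub(r"#(?!\d).*", "", raw).strip()  # "#1000" is a uid, not a comment
        if line and not SKIP.match(line):
            yield line

def unrestricted_nopasswd(text):
    """Return the users/groups granted the command ALL without a password."""
    findings = []
    for line in logical_lines(text):
        who, sep, rest = line.partition("=")
        if not sep or not who.split():
            continue
        nopasswd = False  # a tag applies to later commands until PASSWD resets it
        for cmd in RUNAS.sub("", rest).split(","):
            cmd = RUNAS.sub("", cmd.strip())
            while (m := TAG.match(cmd)):
                if m.group(1) == "NOPASSWD":
                    nopasswd = True
                elif m.group(1) == "PASSWD":
                    nopasswd = False
                cmd = cmd[m.end():]
            if nopasswd and cmd == "ALL":
                findings.append(who.split()[0])
    return findings

if __name__ == "__main__":
    for who in unrestricted_nopasswd(SAMPLE):
        print(f"{who}: NOPASSWD grant of ALL")
```

On a real system the effective rules are spread across the main sudoers file and any included directory, so each file would need to be passed through the same check.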