Re: [PATCH] Single user linux

From: Ronald Bultje (rbultje@ronald.bitfreak.net)
Date: Thu Apr 26 2001 - 08:47:42 EST

On 2001.04.26 13:31:54 +0200 imel96@trustix.co.id wrote:
> On Thu, 26 Apr 2001, Helge Hafting wrote:
> > The linux kernel ought to be flexible, so most people can use
> > it as-is. It can be used as-is for your purpose, and
> > it have been shown that this offer more security _without_
> > inconvenience. Your patch however removes multi-user security
> > for the many who needs it - that's why it never will get accepted.
> > Feel free to run your own patched kernels - but your
> > patch will never make it here.
>
> i don't understand, that patch is configurable with 'n' as
> default, marked "dangerous". so somebody who turned on that
> option must be know what he's doing, doesn't understand english,
> or has a broken monitor.

I can make a virus, patch the kernel and send it in, with a 'N' by default.
But what is the use of this? Do you think this will be implemented???

Your thing is as dangerous as a virus, basically. It gives root to
everyone, although they have separate UIDs. And whenever there is a way out
(i.e. surfing the web, reading mail), there is a way in. So that would make
your system a very nice target to hack -> since you basically are root this
means they can change anything as soon as they have access. If you're not
root, they can't, since they can only do what you as a user can do.
The whole goal of your patch is to make computer life easier. This patch
doesn't do that - it goes far worse. We gave you a few suggestions on
better/easier ways to accomplish this goal - take them as advice and use
them instead.

Easy: chmod -R 777 / (same risk, though)
Good: use su for installing software (su -c "make install")

Can't get much easier than that (and if a clueless user needs to do this,
let him use redhat's RPM manager, "enter your password" with a nice
X-window, and press that button "install" - same effect)...

You don't need to patch the kernel for this... 

--
Ronald Bultje

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Mon Apr 30 2001 - 21:00:15 EST