Search Members Help

» Welcome Guest
[ Log In :: Register ]

Mini-ITX Boards Sale, Fanless BareBones Mini-ITX, Bootable 1G DSL USBs, 533MHz Fanless PC <-- SALE $200 each!
Get The Official Damn Small Linux Book. DSL Market , Great VPS hosting provided by Tektonic
Pages: (3) </ 1 [2] 3 >/

[ Track this topic :: Email this topic :: Print this topic ]

reply to topic new topic new poll
Topic: Security  - Features, or afterthought ?, Security side-effects in DSL and MyDSL< Next Oldest | Next Newest >
mikshaw Offline





Group: Members
Posts: 4856
Joined: July 2004
Posted: Jan. 25 2005,23:40 QUOTE

Quote (clacker @ Jan. 25 2005,14:19)
simple-user, do you think some proccess (terminal or flua) where the user would need to log into the liveCD each time with a password (whatever they want, could be different every startup)?  Then if they want to su or sudo the would need that password?

I kinda like that idea.

At the same time I believe it is the responsibility of the user to deal with passwords.  If a person thinks a passwordless root is unsafe, he has the ability to fix that himself.  Something that simple shouldn't be a cause of worry.


--------------
http://www.tldp.org/LDP/intro-linux/html/index.html
Back to top
Profile PM WEB 
DonttPanic Offline





Group: Members
Posts: 95
Joined: July 2004
Posted: Jan. 26 2005,03:00 QUOTE

Quote (simple-user @ Jan. 25 2005,11:04)
But be mindful that a rouge MyDSL in
current implementation (2005/01) running even from a CD can wipe
out entire hard drives in just a few moments the way that DOS/Windoze
virii have done.  Or it could be worse, it cout turn those machines
into zombies on the internet.

I would be concerned with that. A person running DSL from liveCD would assume their hard drive is safe. But what if a hacker could get control of the computer without the user noticing? The hard drive could probably be mounted and deleted.
Back to top
Profile PM 
sci_fi Offline





Group: Members
Posts: 23
Joined: Jan. 2005
Posted: Feb. 06 2005,21:39 QUOTE

clacker, simple-user:

In response to the question below:

I personally would like to see such a process to allow setting a session-only sudo password, perhaps available thru the dsl library. I can re-master to include at my discretion.

I believe that the live-CD approach offers a huge opportunity to move linux into the mainstream. A DSL based live CD offering the user virtually total security while surfing the net would meet a currently unmet user need.

Such a CD could include virus scanning capability and anonymous surfing capability and Open Office  (for email attachments) as well. The key is to make this live CD nearly brain-dead simple to use, so the Windows users (the target market) have a painless introduction to linux while surfing safely on their existing PC.

Any interest in working on this. I am experimenting but am still pretty much a linux newb so progress is slower than I would like.

Thx.

Greg

--------------------------------------------------------------------------------
simple-user, do you think some proccess (terminal or flua) where the user would need to log into the liveCD each time with a password (whatever they want, could be different every startup)?  Then if they want to su or sudo the would need that password?
Back to top
Profile PM 
yyyc514 Offline





Group: Members
Posts: 41
Joined: Aug. 2005
Posted: Sep. 02 2005,16:47 QUOTE

Quote (roberts @ Jan. 25 2005,18:29)
3. We do not accept custom code in the user contributed extensions.

What exactly does this mean pratically?
Back to top
Profile PM 
WoofyDugfock Offline





Group: Members
Posts: 146
Joined: Sep. 2004
Posted: Sep. 08 2005,17:16 QUOTE

Quote
Quote (roberts @ Jan. 25 2005,18:29)
3. We do not accept custom code in the user contributed extensions.

What exactly does this mean pratically?


My guess would be that this means extensions containing binaries made from (or altered with) contributors' own private, non-publically testable code should not be submitted, as opposed to binaries compiled from source code that is available and verifiable in the public domain.

PS: I saw somewhere that Debian is in the process of setting up automatic verification of the gpg signatures of .deb packages (perhaps it is already working).
That might be something worth considering one day for dsl extensions.


--------------
"We don't need no stinkin' Windows"

http://news.zdnet.co.uk/software/linuxunix/0,39020390,39149796,00.htm
Back to top
Profile PM 
13 replies since Jan. 25 2005,16:04 < Next Oldest | Next Newest >

[ Track this topic :: Email this topic :: Print this topic ]

Pages: (3) </ 1 [2] 3 >/
reply to topic new topic new poll
Quick Reply: Security  - Features, or afterthought ?

Do you wish to enable your signature for this post?
Do you wish to enable emoticons for this post?
Track this topic
View All Emoticons
View iB Code