Joined: Feb. 2007
Posted: July 29 2007, 19:08
|What I think is that Puppy resembles '95 not so much in the security problems as in the desktop experience - this I think is a positive boon rather than a harmful thing.|
I don't. Users who want a similar desktop experience can use JWM and dfm like DSL 4 is using (dfm is much more like Windows than rox). I don't consider running as root a viable or reasonable compromise, and I can't advocate people who want a 2.6-based live CD to install to hard drive choose something like Puppy. People who presume that Linux is inherently safer than Windows are greatly mistaken, especially when they start from the same user=administrator baseline Windows 95 did. Windows 95 wasn't inherently unsafe because it had a registry, it was inherently unsafe because it was wide open by default.
SO IS PUPPY. SO IS DYNE. SO IS ANY OTHER DISTRO THAT ABUSES/MISUSES PERMISSIONS AND RUNS EXCLUSIVELY AS ROOT TO MAKE THINGS "EASIER" FOR USERS. IT ALSO MAKES THINGS EASIER FOR EXPLOITS TO THE WHOLE SYSTEM REMOTELY -- AS WAS THE CASE WITH WINDOWS pre-NT -- AND LOCALLY. THIS SHOULD NOT BE AN OPTION, AND THIS IS WHY PUPPY SHOULDN'T EVEN BE CONSIDERED "LINUX" OR CONSIDERED IN ANY DISCUSSION ABOUT THE FUTURE OF DSL-N. DSL-N IS SAFER, IS A BETTER IMPLEMENTATION OF LINUX.
(Sorry for caps, but puppy:dsl-n is totally apples:oranges.)
|Let's assume for argument's sake that it is very unlikely to get Linux infected with spyware and viruses - the 2 big killers|
I'm not going to make that assumption, and I'm also not going to assume that running as root is as inherently safe as using sudo. It isn't. Running LOCALLY, on a non-networked computer, as root is relatively safe if you know what you're doing. Running on a network (internet) as root is NOT safe. You can dismiss it on the grounds that Puppy (or Dynebolic or any other CD that runs only as root and is installable) is read-only, but anyone able to exercise control of your system locally or remotely can mount any partition and do whatever he or she wants.
And with the proliferation of live CDs that run as root (puppy, dyne), it wouldn't be difficult for a server that's either run by unsavory people or has been compromised to take advantage of people using them (deleted fuller concept). Your worst nightmare then isn't a virus, it's someone getting a dump of your hard drive's contents, erasing it or your MBR, and/or even doing something that can potentially harm your hardware.
Another big difference between root and sudo: you can't tighten permissions on root. You can tighten them for other sudoers. I think you SHOULD. Using sudo shouldn't be indiscriminate or capricious, it should be thoughtful and methodical. I think it's wise to limit what applications -- particularly those that reach networks -- can do when used as a user with sudo privileges. For example:
I wrote within the last couple weeks in another thread that I usually scrap sudo (if it's part of a default install) or don't install it at all (e.g., on a BSD install). I'm not a fan of it even though I agree it's a reasonable compromise, particularly where there's a need for more than one person to be able to make system-wide changes. It prevents the need to give root passwords to more than one person. It's also auditable. Etc.
| - whether you run as root or not. The remaining security risk is running as root itself - which I think deserves a debate in itself.|
I think you're too dismissive of the risks and too permissive of puppy's sloth in the same regard.
EDIT: I don't mean for this to sound so harsh and it's not personal, but I think the issue is too important to treat lightly or to treat as "they do it this way" and "we do it this way." They do it wrong. It may not be a major problem right now, but the potential is there for widespread harm. I don't think developers should accept that as a trade-off. I don't think users should accept it, period.
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)
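The contrast the post draws between an all-powerful account and a tightened sudoer, as an added example that is not part of the original post. The user name `alice`, the command paths, the mount point and the log path are assumptions chosen for illustration.

```sudoers
# /etc/sudoers.d/alice  (constructed example; names and paths are assumptions)

# Weak: alice may run any command as any user without a password.
# In practice this is no different from working as root all day.
# alice   ALL=(ALL) NOPASSWD: ALL

# Tightened: log every sudo invocation, and ask alice for her
# password on each use instead of caching the credential.
Defaults        logfile="/var/log/sudo.log"
Defaults:alice  timestamp_timeout=0

# Name the exact commands. A command given with arguments matches
# only when invoked with those same arguments.
Cmnd_Alias NETCFG = /sbin/ifconfig, /sbin/route
Cmnd_Alias MOUNTS = /bin/mount /mnt/hda1, /bin/umount /mnt/hda1

# alice may run these as root and nothing else. sudo refuses any
# command that is not listed, so a browser, mail client or other
# network-facing program cannot be started with root privileges
# through this rule.
alice   ALL=(root) NETCFG, MOUNTS
```

Check the file with `visudo -c -f /etc/sudoers.d/alice` before relying on it; `sudo -l -U alice` then lists what the rule actually grants.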