Jun 17, 2014, 8:31 PM
Post #27 of 31
Frank Peters posted on Tue, 17 Jun 2014 09:04:34 -0400 as excerpted:
> The problem with all Linux distributions, and not just Gentoo, is that
> they are directed toward a multi-user, networked environment. As a
> consequence, they exhibit security and other features that generally
> make no sense whatsoever for a single-user desktop machine that
> optionally connects externally only with an ISP through a router/modem.
> In the single-user, desktop environment, the probability of a buffer
> overflow "attack" is virtually nil, especially if one is highly
> selective about "surfing" the Internet and employing Internet software
> (which I am).
> My system is configured in a way that is quite contrary to recommended
> Linux practice (for example I run only and always as the root superuser
> and have no need for file permissions) but yet it makes perfect sense
> for my situation.
>
> Are single desktop users that much of a minority? I would hope not.
While I strongly disagree with your position, I equally strongly respect
you for knowing what you want and sticking to it. As I said earlier,
gentoo wouldn't be gentoo if it didn't both allow such a thing and make
it reasonably easy by exposing and automating the tools necessary to do
such things, and that sort of individualism is /exactly/ what gentoo is
about. =:^)
As to the disagreement, I guess I'm a single-human-user desktop system
user too. But I recognize the benefits of running various daemons as
their own (non-human) user, for instance, and in fact, I've gone to some
lengths to set up two entirely separate user accounts, a generic user
account and a sysadmin account, so I don't have to "take the name of root
in vain" when I have my sysadmin hat on.
My normal user is deliberately quite restricted, only a very few
restricted sudo commands available, etc. It's the only one that runs X.
One of the few things that user CAN do, however, is sudo (with password)
to the admin user.
The admin user in turn has unrestricted passwordless sudo, but does NOT
operate as root /without/ that sudo. Running as the admin user, among
other things I avoid live-editing a potentially damaging command (like
rming a system file) as root -- I type the command in and initially run
it as the unprivileged admin user. Of course then the risky command
fails with a permissions error, but in so doing it lets me see exactly
what it WOULD have done (which files it would rm, etc). If and only if
it's the file(s) that I intended (and ONLY those files), I can quickly
uparrow to bring the command back, hit home and add the sudo, to run the
command for real. But that admin user doesn't run X, nor can I su or sudo
any X-based apps as root, from my normal X-using user. Superuser is
strictly limited to the commandline, and even then, I normally don't run
a full shell as superuser, instead only executing specific commands as
superuser using sudo.
So quite in contrast to you, I don't normally even escalate to superuser
even when I'm doing admin tasks, except for specific commands. But sudo
and sudoedit (which I have aliased to simply s and se, respectively, with
an smc for sudo mc, as another frequently used alias) are tools I use all
the time.
Meanwhile, as rich0 already alluded to, several of the recent malware
incidents have been propagated via otherwise legitimate ad-networks,
placing vuln-trigger ads on otherwise legitimate and widely respected web
sites. If you're running ads on your favorite news site, you're
potentially vulnerable, as that's specifically the channel of attack
they're using these days.
Now of course I run noscript and request-policy, both set to whitelist
mode, blacklisting all off-site scripts and all site-to-site-connections
except those that I've specifically allowed, and I also run privoxy, so I
don't tend to see many ads. And I don't actually have any plugins
registered either and DEFINITELY no servantware such as flash, another
typical malware-injection method.
But that doesn't mean I don't appreciate stack-smashing protection and
the like for my browser, and in fact, every time /any/ program segfaults
or the like, I find myself quickly evaluating the chance that said
segfault was due to a buffer overflow, what might have triggered it, the
data I was working on at the time and where it came from, and the
potential risk of malware injection. So I'm certainly appreciating this
SSP here as I appreciate the lowering of risk profile it brings! =:^)
But obviously your use-case and mine are about as contrasted as they
could be even if we're both running single-human-user desktop systems;
you're running as root all the time, while I try not to even run a shell
as root. You don't care about SSP and the like, while I definitely
appreciate the lower risk profile and spend a significant amount of my
time educating myself on current security issues and actively avoiding
things that might increase my risk profile.
But as I said, I can and do still respect that. You have every right to
run that way if you like, and gentoo even tends to make it easier for you
to do so. =:^)
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
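The two-account layout Duncan describes (a restricted X-using account that can sudo a few commands and, with a password, step into a separate admin account; an admin account with passwordless unrestricted sudo that never runs X) maps onto a small sudoers fragment. The one below is an added illustration, not configuration from Duncan's post or from Gentoo; the user names `normal` and `admin`, the file name, and the command list in `NORMAL_CMDS` are placeholders, and the `env_delete` line assumes sudo's built-in `env_keep` list would otherwise pass `DISPLAY` and `XAUTHORITY` through.

```sudoers
# Added example, not from the original post: /etc/sudoers.d/two-accounts
# User names "normal" and "admin" and the command list are placeholders.
# Edit only with:  visudo -f /etc/sudoers.d/two-accounts
# so a syntax error is caught before it can lock sudo out entirely.

# Reset the environment on every sudo (the default) and additionally drop
# the X display variables, so nothing run through sudo can attach to the
# normal user's X session.  (Assumption: the built-in env_keep list would
# otherwise preserve DISPLAY and XAUTHORITY.)
Defaults env_reset
Defaults env_delete += "DISPLAY XAUTHORITY"

# The handful of root commands the day-to-day X-using account may run.
# Placeholder list; keep it short and fully qualified, with fixed arguments.
Cmnd_Alias NORMAL_CMDS = /sbin/shutdown -h now, /sbin/shutdown -r now

# Day-to-day user: password required, only the listed commands as root ...
normal  ALL = (root)  PASSWD: NORMAL_CMDS
# ... plus a password-protected step into the admin account, used as
#   sudo -u admin -i      (login shell as admin, still unprivileged)
normal  ALL = (admin) PASSWD: ALL

# Admin account: unrestricted sudo with no password prompt, so a command
# first typed unprivileged and watched fail with a permissions error can be
# re-run for real with nothing more than a leading "sudo".
admin   ALL = (ALL)   NOPASSWD: ALL
```

Two practical notes on the fragment: files under `/etc/sudoers.d/` are only read when the main sudoers contains `#includedir /etc/sudoers.d` (or `@includedir` on newer sudo), and a file whose name contains a `.` or ends in `~` is silently skipped, so name it as above and leave it mode 0440. The shell side of Duncan's workflow is just aliases in the admin account's shell rc, e.g. `alias s='sudo'`, `alias se='sudoedit'` and `alias smc='sudo mc'`; the "run it unprivileged first, then uparrow and prepend sudo" habit needs nothing from sudoers beyond the `NOPASSWD: ALL` line.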