Author: Martijn Dekkers
Date:
To: Apollia
CC: dng
Subject: Re: [Dng] Puppy Linux, AntiX - was Re: Puppy Linux-related thoughts

> > Puppy Linux is interesting. I used it for awhile and liked that it was
> > fast, and fun. A bit lacking in software, but with the Slacko packages
> > you can make it better. My main concern about it was that it logs you
> > in as root (without even a password). A lot of people have expressed
> > concern about this apparent security hole, but Puppyistas are insistent
> > that it's no problem. I remain somewhat sceptical.
>
> I usually don't even think about that, but, when I do think about it,
> it worries me too. Thanks for bringing it up, I had forgotten all
> about that.
>
> My rather pitiful approach to security (other than burying my head in
> the sand) is mostly to just blindly hope that the people who think
> Puppy is secure enough are right.
>
> While running things as root and mostly not having to worry about user
> privileges, etc. certainly makes things simpler, I've always suspected
> it might be a dangerous and harmful oversimplification.
>
I believe a lot depends on how you use the computer in question. When you
are a desktop-mostly user, it is a very good idea to not run as root. This
is mostly due to the fact that certain less secure applications you use to
interact on the Internet can do nasty stuff to your machine (I'm looking at
you, IRC). Running as root allows them to do so with root privileges.

There are no significant *security* implications when running as root if
you mostly use Linux as a server OS. Simply banging "sudo" in front of most
of your commands doesn't help you at all when it comes to security. There
is a small benefit in not having the root account have a password, in the
sense that everybody knows that there must be a root account on your
machine, so that becomes an immediate target for every cracker with a
rainbow table and some sort of shell access.

Besides that, the reason that a distro like Ubuntu pushes you to use sudo
as opposed to root is mostly so that you don't accidentally break things.
However, it is my view that adding sudo in front of everything doesn't
actually stop you from being an idiot. rm -rf /* is going to do as much
damage as sudo rm -rf /*. sudo does help a bit when you have a multi-user
system, with multiple admin accounts, where you can claim to have some
deeper, finer-grained access control, but it is my view that this is also
more of a kludge. If you want to do it right, implement SELinux, or
AppArmor or something. However, properly implementing RBAC for such a
scenario is a massive undertaking in the larger scheme of things and few
people bother.

sudo is a mostly ineffective kludge at best, and for most users it provides
a very false sense of security.

IT security is very hard, it is a constant battle of real compromises, and
there are *no* silver bullets or magic programs that will make a system
secure. The best line of defense for day-to-day ops is not sudo, it is
knowing and understanding your system, its components, how they interact,
what they require, and how they expose you. Security starts and ends with
the user.