moko running everything as root
subscribers at tinsputnik.com
Mon Jun 16 18:26:32 CEST 2008
Joerg Reisenweber wrote:
> If you have root AND user, root can make a backup copy of user's valuable data
> every once in a while, and user or the virus she imported while browsing the
> web can NOT destroy this backup.
> I can't follow your arguments. It's NOT an evil person we need to fence in,
> it's bad behaviour of applications that go nuts on (virus|bug|user fault|*)
> If we don't start to care about this topic NOW, we will see lots of poor
> designed apps that rely on having root access where they shouldn't, and we
> end up in a situation like M$, where the whole system is so much root-centric
> that you simply can't switch to a sane user-management anymore, because it
> would break half the system. To fix those apps later is a major PITA.
> I just "talked" to Wolfgang Spraul and he answered
> "But right now we are selling to hardcore developers only, so it's not
> our #1 priority.
> Once our software becomes more stable and mature, this needs to be
> addressed seriously. The good news is that the FOSS community is
> pretty paranoid about this, so I'm sure over time we will have a good
> It's a FOSS project and you are "the community", so just contribute! I'd say,
> do it *now*, as long as it's easy.
I would be willing to sacrifice any future features in favour of working
on this first.
As I think about the implications of this more and more its clear:
Linux wins the security war not because of technology BUT BECAUSE OF OUR
It is the culture of our users that makes us safer. Hell, even Ubuntu
is able to get noobs to follow the simplest security measures such as
not running as root, surely we can do the same.
I say let's learn from the mistake of M$ and lets out think then because
we sure as hell aren't going to outcompete them.
More information about the community