root

Denis shulyaka at gmail.com
Thu Jan 10 23:30:49 CET 2008


So why did OpenMoko developers decided to run everything as root?

2008/1/11, Brandon Kruse <admteamkruz at gmail.com>:
> Good luck easily hacking over a GPRS connection. Make your password
> longer than 6 characters, a ban after retry attempts, take it off port
> 22 and that will save 95% of attacks from script kiddies. (everything
> I listed is controllable on sshd_config, I believe)
>
> Just imho it helps, opinion and experience :)
>
> But overall, I agree, but your privileges are only as safe as your
> software.
> (eg when you run a socket based process as root, you trust it.)
>
> However, you make a good point :)
>
> Kde and gnome take that precaution with gtk based Sudo when you login
> as a normal user (at least in debian/ubuntu) and I like that method.
>
> --------------------------------
> Brandon
>
> On Jan 10, 2008, at 3:43 PM, Denis <shulyaka at gmail.com> wrote:
>
> > But as far as I understand it's not secure, esp. for a device with
> > wi-fi, bluetooth, gprs and running ssh daemon! Linux gives us a great
> > power of user privilegies management but we waste it. Woldn't it be
> > better to run everything as an unprivileged user, or at least ask for
> > password at first run time?
> >
> > _______________________________________________
> > OpenMoko community mailing list
> > community at lists.openmoko.org
> > http://lists.openmoko.org/mailman/listinfo/community
>
> _______________________________________________
> OpenMoko community mailing list
> community at lists.openmoko.org
> http://lists.openmoko.org/mailman/listinfo/community
>




More information about the community mailing list