[ale] why I love windows

mike at trausch.us
Tue Jan 31 14:07:39 EST 2012


On 01/31/2012 01:03 PM, Jim Kinney wrote:
> On Tue, Jan 31, 2012 at 11:24 AM, mike at trausch.us wrote:
> 
>     Ultimately, I would like a system that enables me to do certain things
>     without having to elevate my own privileges.  There is (to my knowledge)
>     absolutely nothing to stop a program lurking in my userspace from
>     starting up in the window system and watching for me to gain root access
>     in a terminal window to do nasty things before I can stop it.
> 
>     But if I were allowed to “aptitude update && aptitude safe-upgrade” or
>     “emerge --sync && emerge -DNua world” without invoking root privilege,
>     by having helpers go and request that backends kick in and do their
>     jobs, then I never have to run “sudo” or become root.  I can just type
>     the commands and if I have the permission to run them, the backend will
>     start up for me; if I do not have the permission to run them, the
>     backend will return a permission denied error.  And all the while,
>     nothing can lurk in my window system and try to take advantage of a root
>     shell while it’s in a terminal window.
> 
>            --- Mike
> 
> I don't understand what the advantage is of totally blurring the line
> between user and admin. You can right now set up your non-root
> account to do root-ish things with no further work other than typing the
> command.
> 
> The hard separation exists for a reason. It's better to learn the tool
> chains available before embarking on a new project to reinvent the
> wheel. SELinux and AppArmor are very similar in concept but different
> in operation and practice. As you use Debian derivatives, learn
> AppArmor. If you use Red Hat derivatives, learn SELinux.

Sorry to reply to the same message twice, but I only realized that I
wanted to ask about this particular point after I sent the first one.  Oops.

In my first ¶ there, I mentioned that there is “… nothing to stop a
program lurking in my userspace from starting up in the window system
and watching for me to gain root access in a terminal window to do nasty
things before I can stop it.”  Does SELinux have anything that can do
that?  For example, if I am an administrator on a system that has
SELinux enabled, and I have access to do things like reset passwords,
can a program be stopped from interacting with my terminal session
automatically in some way?  I suspect that the answer is no, since while
it would use file descriptors to do its job (that is how it would
communicate with X, after all), basically any program on the system is
going to have the ability to connect with X either via UNIX sockets or
via TCP or UDP (I forget which) sockets.

This is one deficiency in X11 that I can think of.  It should (but does
not) have mechanisms in place to be able to assure a software program
that input is coming directly from a user and not from an automatic
process.  I could see that as being a really useful feature.

	--- Mike

-- 
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
                                   --- Carveth Read, “Logic”
