Quote
A much more severe breach of the traditional UNIX security model was brought by the (otherwise very promising) Pardus Linux.
As part of their set of innovative features, a new concept was created around the new configuration manager COMAR: the first user (the one who installed the system) is granted some special administrative privileges never seen before. It is practically half-root, because he can perform a wide range of administrative tasks (adding/removing packages, starting/stopping services or the firewall, etc.) without ever being asked for a password!
Pardus developers explained that this feature could be offered as an option only with the next release; however, this doesn't change anything at all: the evil was done. For the sake of the user's convenience, basic Linux principles were broken. Should people get used to this, they will ask other distributions to provide them with such a feature.
Sadly, whereas even Microsoft tried to improve the security in Vista and to educate the home user not to use an administrative account, there is a Linux project trying to do exactly the opposite.
Requiring either the user password or the root password before performing administrative tasks was already possible through sudo (also kdesu, gksudo) or an appropriate PAM-based authentication (consolehelper). Granting a user the right to "sudo" without a password was already possible, although hardly a good choice. A possibly good feature would be to configure sudo to accept more trivial tasks such as changing the system time (not critical for home use) without a password, but not more (no, setuid is not an option, it's actually much worse).
Irresponsible approaches have made the highly praised (even by me) Pardus a black sheep from a security standpoint. At times, open source rhymes with thoughtless design and severe flaws.
Just forget about the name of the distro I just mentioned, although it is going to be a trend-setter. In a few years, on public request, half of the 500+ Linux distros will have the security features perverted.