Welcome, Guest. Please login or register.
April 20, 2014, 02:43:41 AM
Home Help Search Calendar Login Register
Show unread posts since last visit.
News: Let Pardus-Anka become #1: Pardus-Anka Bug ReportPardus-Anka World Google+ | The Pardus wiki  | Visit Pardus-Anka official website  | Register as forum member?  Email the moderator!

+  Pardus Worldforum
|-+  General
| |-+  General topics
| | |-+  How secure is Pardus?
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: How secure is Pardus?  (Read 2397 times)
PoundMaker
Newbie
*
Posts: 3


View Profile
« on: March 27, 2007, 00:32:14 AM »

I love this distro but I am concerned that I am hardly ever prompted for root privileges (ex: when I come to install software using PISI why no prompt for root password?). Is this a problem?
Logged
Willem
M.D.
Administrator
Pardus Guru
*****
Gender: Male
Posts: 1020



View Profile WWW
« Reply #1 on: March 27, 2007, 07:02:38 AM »

Pardus is made for desktop usage, thats why the standard profile has  as much privileges as lets say an Apple OSX user. So there is still more than enough security.
When you want to give yourself less rights, you can arrange this in Tasma.
Logged

For freedom...
PoundMaker
Newbie
*
Posts: 3


View Profile
« Reply #2 on: March 27, 2007, 19:59:53 PM »

Thanks for the information.
Logged
Steve.K
Newbie
*
Posts: 7


View Profile
« Reply #3 on: May 04, 2007, 00:29:11 AM »

I'm not sure if I get this. What's to stop any malware from altering my system settings if I'm not being prompted for my password? And I don't want to have less rights via Tasma or anything else - I just want to be prompted to verify that I am who I claim to be.

I really like Pardus but I am having some concerns about the security model.
Logged
Willem
M.D.
Administrator
Pardus Guru
*****
Gender: Male
Posts: 1020



View Profile WWW
« Reply #4 on: May 04, 2007, 06:56:43 AM »

Hi Steve,
do you have a proof of concept that there is a security problem? This would also have implications for OSX! Sad
On command line you will always be prompted for a password, so no automated scripts can be executed. For package management you always have to start it by actualy clicking.
You say: "I just want to be prompted to verify that I am who I claim to be. ", you are, when you login on startup.
Please show your security concerns with an example
Logged

For freedom...
Steve.K
Newbie
*
Posts: 7


View Profile
« Reply #5 on: May 04, 2007, 07:51:20 AM »

So let me get this straight: Basically I run as root in the GUI but not from the CLI? I can see the advantages of that, given that malware can't move and click a mouse, but lets say I left my PC unguarded for 10 mins - what would stop someone from removing core programs with PiSi? I read in the debate with that Berenger loon that one of the Pardus devs believes that security is inherently compromised in this instance anyway, but there's no need to make it easy for anyone. Ok - I can lock the screen  Smiley but let's say I had a late night reading up oin Pardus and forgot?

Maybe it would help if there was more documentation in English - the COMAR docs on the official Pardus website are all in Turkish still  Sad
Logged
Kavani
Guest
« Reply #6 on: May 05, 2007, 00:20:07 AM »

You can configure your screensaver to lock the computer.  Using TASMA, go to Appearance and Themes, then to Screensavers.  There are 2 check boxes at the bottom of the screen.  Select the 2nd one and adjust the time.  Chances are fair, that it someone DID want your computer, nothing is going to stop them.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  


Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!