Yet another Linux on the desktop article
Oren Beck
oren_beck at hotmail.com
Sun Aug 1 21:03:50 CDT 2004
Uncle Jim wrote:
> On Sat, Jul 31, 2004 at 01:20:23PM -0500, Jonathan Hutchins wrote:
>
>
>>Most PCs will boot from a floppy - or for that matter a CD these days -
>>before they ever even load the OS, so anybody with physical access can
>>potentially compromise "security". It's all in how you set the system up.
>>
>>I really can't see that simply mounting a floppy is any greater hazard than
>>any other form of file loading. Of course, if you could make a case for it,
>>then you would want to turn automount off.
>
>
> I realize that physical access to the hardware means all bets are off, but automount
> is equivalent to root with no password.
>
> It takes a little time and effort to open the case and short pins on the motherboard
> or pull hda and put it in another host. Even Brian, who has the metro area's largest
> collection of "Live CD"s and should be considered a potential security risk, would have
> to take the time to reboot the machine. If I have a floppy with a copy of bash that
> is owned by root with permissions of 4755 and I come to your machine, all I have to do
> is insert the floppy and type "/mnt/floppy/bash", 16 keystrokes. If root has no password
> I simply type "su - root", 9 keystrokes. So if you assume that I've always had a mouse
> and can only type with my left thumb and can only reach 10 words per minute (1 sec. per
> keystroke), that's only seven seconds + time to insert the floppy different from root without
> a password. And I'm getting better with my left thumb all the time.
>
> So, if you have a machine where you think a password for root is a waste of time, then I
> think you should also enable automount.
>
> Since mounting removable media carries a security risk I don't think it is unreasonable
> to have the system request a password before mounting. Keep in mind that a security
> breach at your host usually is not just your problem, it often ends up affecting lots
> of other people on the Internet.
>
> So I fail to see where the ability to automount should be a criterion for "desktop ready"
> unless "desktop ready" means an isolated, unconnected host.
>
Let's take this in a different direction, or look at it from different
viewpoints.
To my mind it defaults to threat assessment.
What level of exploit skills is expected, and what level of lossage if
defenses crack? XP on a cash register?
Since most POS gear reads cards as a keyboard wedge, WiFi-connected XP
registers WILL be hacked, and SOON!
The reason that gets a mention here is that every eBay or Amazon
transaction you make at home makes a remote POS out of that "low threat
perceived", single-user, no-free-access-to-strangers desktop. So Linux
can be more secure, as IE makes it near impossible to erase all HD
traces of transactions by default. Do _that_ with MS and its system
restore, temp files and "just because" copies? DO PLEASE find anyone who
can refute the information on the Microsuck site:
http://fuckmicrosoft.com/content/ms-hidden-files.shtml
That site, if true, has to my mind removed MS from contention, which
leaves it to WHICH Linux or Mac desktop?
And thence to how it gets "made so". Back to mission requirements and
how we decide them.
A kiosk in an unsupervised public-access area, as opposed to a
single-user machine in someone's own house with no other persons having
free access? An office or educational networked machine that has
unsupervised users? The computer in the family room, used not only by
your family but by every kid your kids play with?
ALL of these present a different threat list. Applying the wrong
profile in the wrong location has some potential for issues, to put it
lightly. Blanket judgments have their places, and places where they can
often be counterproductive.
We can make a software build that literally cannot be exploited because
it lacks any point of entry other than filtered ones.
Now do consider how maddening it would be attempting to use such
crippleware.
<insert deity of worthy curse value> - a prospect that makes XP look good?
I see the schizoid nature of wanting everything locked down by default
yet wanting everything to *work*.
MS and Mac are, for good or bad, slanted towards appliance operators in
some details. Look at which ones and why.
Digging through the arcana of permissions etc. can hardly compete with
"plug in and it works." GUI vs. CLI ancestry.
Noting, of course, that plug-and-work still has lots of plug-and-curse
experiences for users of any current system.
All of which brings us to a simple derived point. It is de facto
impossible to please everyone with blind defaults.
Thus semi-scripted first-run menus should balance usage profiles so the
result is usable by the masses but not exploit bait.
"Easier done than said", as the pun goes, captures the surrealistic
landscape of how to please everyone and offend no one.
Anyone feeling up to the task of assigning "permissions suggestions" to
some common situations is welcome to do so.
I am slowly building out WiFi for my wife's campground, and some threat
assessments are in progress here.
Any constructive dialog is VERY welcome. Flames, yahbuts, etc. send to
the Gehenna postmaster.
Oren Beck
www.campdownunder.com
"I want a Linux distro that my appliance-operator Mother can use and
enjoy"
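As an added example (not code from the original thread or from either poster): the 4755 bash-on-a-floppy trick quoted above only works if the kernel honours set-uid bits on that mount, and the nosuid mount option switches that off no matter who performed the mount or whether it happened automatically. The script below audits fstab-formatted text for removable entries that would still honour set-uid bits, applying the mount(8) rule that "user", "users", "owner" and "group" imply nosuid unless a later explicit "suid" undoes it, and then lists set-uid files already present on a mounted medium. The fstab it reads is constructed for illustration and is not anyone's real configuration.

```shell
#!/bin/sh
# Added example, not code from the original thread. Two checks that follow
# from the set-uid-shell-on-a-floppy scenario quoted above:
#   1. would a given set of mount options let the kernel honour a set-uid bit?
#   2. does a mounted medium actually carry set-uid files?
# SAMPLE_FSTAB below is constructed for illustration; it is not anyone's
# real configuration.

# Walk a comma-separated mount option list in order. Later options override
# earlier ones, as mount(8) processes them: "user", "users", "owner" and
# "group" imply nosuid (and nodev) unless a later explicit "suid" undoes it.
# Prints "yes" if set-uid bits would be honoured on that mount, else "no".
suid_honoured() {
    honoured=yes
    old_ifs=$IFS
    IFS=,
    for opt in $1; do
        case $opt in
            nosuid|user|users|owner|group) honoured=no ;;
            suid) honoured=yes ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$honoured"
}

# Read fstab-formatted lines on stdin; print "<mountpoint> <options>" for
# every non-root entry on which a 4755 root-owned binary would run as root.
report_suid_mounts() {
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|\#*) continue ;; esac   # blank lines and comments
        if [ "$mnt" != / ] && [ "$(suid_honoured "$opts")" = yes ]; then
            printf '%s %s\n' "$mnt" "$opts"
        fi
    done
    return 0
}

# List set-uid files already sitting on a mounted medium; -xdev stops find
# from wandering onto other filesystems mounted beneath the starting point.
find_setuid_on() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
    return 0
}

# Constructed sample: a root fs, a floppy mounted with no protection at all,
# a CD-ROM relying on "user" for its implied nosuid, and a USB stick where a
# trailing "suid" quietly re-enables what "user" had switched off.
SAMPLE_FSTAB='/dev/hda1   /            ext3     defaults              0 1
/dev/fd0    /mnt/floppy  auto     noauto,rw             0 0
/dev/cdrom  /mnt/cdrom   iso9660  noauto,user,ro        0 0
/dev/sda1   /media/usb   vfat     noauto,user,rw,suid   0 0'

# Stand-alone run: reports /mnt/floppy and /media/usb, not /mnt/cdrom.
printf '%s\n' "$SAMPLE_FSTAB" | report_suid_mounts
```

Two caveats when using this for real: check the options the kernel actually applied (the output of `mount` or /proc/mounts), not just /etc/fstab, because automounters such as autofs or a desktop's media handler apply their own option set; and nosuid only blocks the privilege escalation described in the quoted message, while running arbitrary code from the medium as the logged-in user is what noexec addresses, and device nodes are what nodev addresses.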
More information about the Kclug mailing list