public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Ronald Bultje <rbultje@ronald.bitfreak.net>
To: imel96@trustix.co.id
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Single user linux
Date: Thu, 26 Apr 2001 15:47:42 +0200	[thread overview]
Message-ID: <20010426154742.O20175@tux.bitfreak.net> (raw)
In-Reply-To: <3AE7EE6F.28446A2C@idb.hist.no> <Pine.LNX.4.33.0104261730510.1677-100000@tessy.trustix.co.id>
In-Reply-To: <Pine.LNX.4.33.0104261730510.1677-100000@tessy.trustix.co.id>; from imel96@trustix.co.id on Thu, Apr 26, 2001 at 13:31:54 +0200


On 2001.04.26 13:31:54 +0200 imel96@trustix.co.id wrote:
> On Thu, 26 Apr 2001, Helge Hafting wrote:
> > The linux kernel ought to be flexible, so most people can use
> > it as-is.  It can be used as-is for your purpose, and
> > it have been shown that this offer more security _without_
> > inconvenience.  Your patch however removes multi-user security
> > for the many who needs it - that's why it never will get accepted.
> > Feel free to run your own patched kernels - but your
> > patch will never make it here.
> 
> i don't understand, that patch is configurable with 'n' as
> default, marked "dangerous". so somebody who turned on that
> option must be know what he's doing, doesn't understand english,
> or has a broken monitor.

I can make a virus, patch the kernel and send it in, with a 'N' by default.
But what is the use of this? Do you think this will be implemented???

Your thing is as dangerous as a virus, basically. It gives root to
everyone, although they have separate UIDs. And whenever there is a way out
(i.e. surfing the web, reading mail), there is a way in. So that would make
your system a very nice target to hack -> since you basically are root this
means they can change anything as soon as they have access. If you're not
root, they can't, since they can only do what you as a user can do.
The whole goal of your patch is to make computer life easier. This patch
doesn't do that - it goes far worse. We gave you a few suggestions on
better/easier ways to accomplish this goal - take them as advice and use
them instead.

Easy: chmod -R 777 / (same risk, though)
Good: use su for installing software (su -c "make install")

Can't get much easier than that (and if a clueless user needs to do this,
let him use redhat's RPM manager, "enter your password" with a nice
X-window, and press that button  "install" - same effect)...

You don't need to patch the kernel for this...

--
Ronald Bultje


  reply	other threads:[~2001-04-26 13:48 UTC|newest]

Thread overview: 84+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-04-25 12:04 [PATCH] Single user linux imel96
2001-04-25 13:00 ` Leonid Mamtchenkov
2001-04-25 13:07 ` Gerhard Mack
2001-04-25 21:30   ` John Cavan
2001-04-26 12:11     ` imel96
2001-04-26 12:24       ` David Weinehall
2001-04-26 12:36         ` Mohammad A. Haque
2001-04-26 12:33       ` Mohammad A. Haque
2001-04-26 12:34       ` Rasmus Bøg Hansen
2001-04-26 14:03         ` imel96
2001-04-26 17:00           ` Ken Brownfield
2001-04-26 17:22             ` Ian Stirling
2001-04-26 19:40               ` Mohammad A. Haque
2001-04-26 20:18                 ` Ian Stirling
2001-04-26 20:47           ` Rasmus Bøg Hansen
2001-04-27  7:08           ` Albert D. Cahalan
2001-04-26 17:16         ` Stephen Satchell
2001-04-26 18:11       ` John Cavan
2001-04-27  9:30         ` imel96
2001-04-25 13:41 ` Mohammad A. Haque
2001-04-26  9:46 ` Helge Hafting
2001-04-26 11:31   ` imel96
2001-04-26 13:47     ` Ronald Bultje [this message]
2001-04-27  9:31     ` Helge Hafting
2001-04-27 13:45       ` Mohammad A. Haque
  -- strict thread matches above, loose matches on Subject: below --
2001-04-25 20:58 Jesse Pollard
2001-04-25 18:34 Rick Hohensee
2001-04-25 20:12 ` Markus Schaber
     [not found] <988158045.12859@whiskey.enposte.net>
2001-04-25  0:48 ` Stuart Lynne
2001-04-24 16:55 Torrey Hoffman
     [not found] <Pine.LNX.4.33.0104241830020.11899-100000@tessy.trustix.co. id>
2001-03-18 18:13 ` changing mm->mmap_sem (was: Re: system call for process information?) Linus Torvalds
2001-04-24 11:44   ` [PATCH] Single user linux imel96
2001-04-24 12:04     ` Alexander Viro
2001-04-24 12:44       ` imel96
2001-04-24 12:58         ` Daniel Stone
2001-04-24 13:27           ` imel96
2001-04-24 13:38             ` Daniel Stone
2001-04-25  0:01               ` Aaron Lehmann
2001-04-25  0:07                 ` Daniel Stone
2001-04-25  0:16                   ` Alan Cox
2001-04-25  0:34                     ` Daniel Stone
2001-04-25  0:52                       ` Gerhard Mack
2001-04-25  7:46                         ` Ronald Bultje
2001-04-25 14:17                           ` Disconnect
2001-04-27 20:06                             ` Jim Gettys
2001-04-26 19:41                         ` Pavel Machek
2001-04-27 19:00                           ` Erik Mouw
2001-04-27 13:12                       ` Robert Varga
2001-04-27 13:34                         ` Daniel Stone
2001-04-25  0:20                   ` Aaron Lehmann
2001-04-25  0:32                     ` Daniel Stone
2001-04-25  0:35                       ` Aaron Lehmann
2001-04-25  0:43                         ` Daniel Stone
2001-04-25  7:45                       ` Alan Cox
2001-04-25  7:55                         ` Daniel Stone
2001-04-25 15:07                         ` Jonathan Lundell
2001-04-25 14:42                       ` Jordan Crouse
2001-04-26 19:47                       ` Pavel Machek
2001-04-25  1:12                     ` Disconnect
2001-04-25  0:26                 ` Jonathan Lundell
2001-04-25  7:13                   ` Mike A. Harris
2001-04-25  7:04                 ` Mike A. Harris
2001-04-26 19:35               ` Pavel Machek
2001-04-27 14:26                 ` Daniel Stone
2001-04-24 13:40             ` Mohammad A. Haque
2001-04-25  5:29             ` Ben Ford
2001-04-24 12:59         ` Alexander Viro
2001-04-24 13:02         ` Sean Hunter
2001-04-24 13:03         ` Roland Seuhs
2001-04-24 13:50           ` Mike A. Harris
2001-04-24 13:13         ` Richard B. Johnson
2001-04-24 13:37           ` imel96
2001-04-25  7:57             ` Helge Hafting
2001-04-25 10:42             ` Albert D. Cahalan
2001-04-24 14:03         ` Alan Cox
2001-04-24 14:10           ` imel96
2001-04-24 14:27             ` Mike A. Harris
2001-04-24 14:30             ` Alan Cox
2001-04-24 15:07           ` Jeremy Jackson
2001-04-24 17:43         ` Russell King
2001-04-24 18:37         ` Garett Spencley
2001-04-24 12:51     ` Mohammad A. Haque
2001-04-24 13:07       ` Alexander Viro
2001-04-24 17:55     ` J Sloan
2001-04-24 17:06   ` Stephen Satchell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20010426154742.O20175@tux.bitfreak.net \
    --to=rbultje@ronald.bitfreak.net \
    --cc=imel96@trustix.co.id \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox