Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Root - NO KDE

On Mon, Jun 24, 2002 at 05:08:32PM +0900, Eric Oliver Flores wrote:
> Are you are referring to the recent found vulnerability?
> The Mandrake Guys were quick to release a fix (MDKSA-2002-:039-2).
> I hope! :)

All well and good, but you are completely missing the point. Anything
that is run as root has access to the entire system. If someone finds
a remotely exploit in some piece of software you run the possible
damage that can be done is very much effected by the access rights of
the compromised software.  If you are running everything as root then
you are wide open.  Moreover, there is never a need to run Xfree as 
root.  In a way this 'bug' is actually a security 'feature' that you
really shouldn't be trying to fix.  


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links