Mailing List Archive



RE: [tlug] Root - NO KDE





I use Bastille hardening scripts to help prep my Red Hat 7.2 machine when I
install a new OS.  It also helps me remember to turn off many unused
services that I may have forgotten about.

I select not even to be able to log in as root.  I have to log in as a
normal user and then SU to root - if I need to do something as root.  When I
first started, I found it was easier to just log in as root of course, but I
think disabling root login is a good practice.

James

-----Original Message-----
From: Matt Doughty [mailto:mdoughty@example.com]
Sent: Monday, June 24, 2002 5:41 PM
To: tlug@example.com
Subject: Re: [tlug] Root - NO KDE


On Mon, Jun 24, 2002 at 05:08:32PM +0900, Eric Oliver Flores wrote:
> Are you referring to the recently found vulnerability?
> The Mandrake Guys were quick to release a fix (MDKSA-2002-:039-2).
> I hope! :)
>

All well and good, but you are completely missing the point. Anything
that is run as root has access to the entire system. If someone finds
a remote exploit in some piece of software you run, the possible
damage that can be done is very much affected by the access rights of
the compromised software.  If you are running everything as root then
you are wide open.  Moreover, there is never a need to run Xfree as
root.  In a way this 'bug' is actually a security 'feature' that you
really shouldn't be trying to fix.

-Matt


