I want to start this post with a quote, it happens to be from another member who I holy respect and have gotten tons of great information from.
… and there will come lots of times when you will be glad that the mistake you made doesn’t have “undesired system consequences” because you’re just a user.
So obviously this idea has been hashed out many times before by many people but sometimes we all get in a groove and all sing the same song even though there are better ideas.
A user is a user is you and me and everybody, we need to cater to our users and that means me and you and yes I realize this is a multi-user system.
I think there should be a Linux distro to give the “user” a nice secure system without all the hassle. Maybe its a Mac lol!
Seriously here is the simple idea, Why don’t we authenticate once for all tasks?
It seems ridiculous to me that we need to have authentication for every task into all time on my own computer.
So I check out the warning that installing new software may harm my system, why do I need to see that 100 times?
We are never going to be able to save everybody from mucking up there computer no matter how many warnings we give them.
So why not go with the majority and and figure everybody is good.
Why are we doing anything with application installs that need authentication? We need to move the whole application install to a new dharma in Linux. Everything needs to be in the home folder and then only communicate with those libraries they are registered for.
Why do I need to authenticate to yast when messing with a joystick?
Really, linux needs to be looking to the future and find a new easy way for security besides what everyone is doing now.
Malware trying to do stuff being able to escalate privileges without
asking for it is a wonderful way to destroy a system.
So how does this make it more secure? If I want to use the Joystick and you need to put password in??? Then couple seconds later it asked for password again, I would enter it again. This is normal behavior as you could suspect a machine error or whatever.
I do not quite understand you. I am working for the whole day now and apart from giving my uername and password at my login (using KDE), I had to enter no other password then that of Kwallet, which then filled in the credentials of my mail providers and the Forums and my banking account and …
Normaly once a week I play the system manager and have maintenance time. I start YaST, give the root password and then do online update and maybe update Packman packages.
I also manage my wife’s system. She does not ven know the root password. Nevertheless she is able to do all the meanial tasks a normal end-user may see coming his/her way.
On Wed, 30 Jan 2013 19:26:01 +0000, anika200 wrote:
>> Malware trying to do stuff being able to escalate privileges without
>> asking for it is a wonderful way to destroy a system.
>>
>>
> So how does this make it more secure? If I want to use the Joystick and
> you need to put password in??? Then couple seconds later it asked for
> password again, I would enter it again. This is normal behavior as you
> could suspect a machine error or whatever.
For system configuration items, yes (as was pointed out, Linus made noise
about this and it has improved - in his case it was about configuring a
printer).
I was speaking in general terms - doing things that require root
privileges require a password, and changing hardware configuration
requires root privileges, so it requires a password to make those changes.
Generally speaking, though, prompting for a password is more secure than
not prompting for a password. It prevents privilege escalation (as I
said) without the user’s knowledge.
It’s like using sudo at the terminal prompt. You /can/ configure it to
not prompt for a password, but that’s not a best practice because if you
run a script that does somethign nefarious, it can just “sudo ./
breakmymachinenow.sh” and poof - your machine is broken.
Now I don’t know about you, but I would actually prefer to be asked
before a rogue script or program destroyed my machine so I could /
prevent/ that from happening.
I had to enter no other password then that of Kwallet,
Please take note, no offense meant to any obverse opinions this is a mental exercise for a better future.
Well thats something to start with,Why does kwallet need my password every day for my email? Its the same flippin password every time of every day of every time and I need my email every day and it will never change. If I do want to change it then maybe a request for password would be appropriate.
I was just wondering if we can come up with something better rather than going through the same thing we have been doing and what everyone defends?
It is every day because you seem to log out once a day. That is not Kwallet’s decision. Why do you use Kwallet when you do not appreciate that it is a tool that makes computer programs/web-sites/… decide that it is realy you that is there? Just design a system that will use your webcam, see that it is you and thus does not ask for a password. Why should you type your password every time you activate your bank account. Its the same flippin password every time of every day of every time.
It is your system. You can even make the root password nil. You can even go for no other user on the system then root. It is even easier then having a seperate end-user. And I know of so called operating systems that do just that. One single user and having no password. When you have a need for it, just do it.
There has been a small but significant change on openSUSE 12.2 KDE. If you use Apper to install your system patches and updates, you don’t need to enter root’s password. By default it’s configured to include enabled repos, and is equivalent to running “zypper up”. It’s described as a benefit on the openSUSE mailing list for KDE.
“The future” holds no shortage of hackers or neophytes, both capable of hosing your system given the opportunity. There will always be a need for some level of authentication. There are alternatives to the standard keyboard input, such as finger prints and iris recognition that might eventually be incorporated into PCs. That might be something to advocate, not removing a layer of security.
Security violation. I am glad I do not install Apper on any of the systems I manage. The idea that every stupid GUI user could install system software >:)
To be consistent with this opinion, you would also have to acknowledge that mounting a USB device from the GUI (which requires no password) also constitutes a security violation since it requires root privileges if mounting from command line.
