Should openSUSE review it's Security Policies?

classic Classic list List threaded Threaded
207 messages Options
1234 ... 11
Reply | Threaded
Open this post in threaded view
|

Should openSUSE review it's Security Policies?

Larry Stotler
As many are aware, Linus Torvalds has started a rant about the
security policies in openSUSE for things that require the root
password.  From his Google+
post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5),
he names these:

Time Zone changes
Adding a Printer
Adding a wireless network.

Now, I don't usually see the wireless issue because KNetworkmanager in
KDE3(which I use) has never asked the root password for adding a new
network.

While at 37, I've never changed timezones(I lead a boring life) I
would have to agree that having to use the root password for this
would be annoying if I needed to change it because of a flight or
something.

I've worked with Linus on a hardware issue years ago, and I think we
should probably at least consider reviewing the policies if they do
need changed.

Just my 2 cents.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

James Knott
Larry Stotler wrote:
> As many are aware, Linus Torvalds has started a rant about the
> security policies in openSUSE for things that require the root
> password.  From his Google+
> post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5),
> he names these:
>
> Time Zone changes
> Adding a Printer
> Adding a wireless network.

Those things should be set as a policy.  Some companies like to lock
down systems, where users can't chose anything, but they should not be
mandatory, as appears to be the case.  Certainly WiFi should be done by
uses, unless a company wants to send a tech along with employees to
hotels, coffee shops etc.  There was a lot of discussion on this list a
while ago and the general concensus was that requiring root for WiFi has
to be one of the most idiotic decisions ever.  As Linus mentioned, he
doesn't want to have to follow his kids around, just so they can use
WiFi.  By comparison, I'm currently working on a project for a large
insurance company and they provided me with a notebook computer for use
while connected to their network.  Everything is locked down, so that I
can't add anything or make changes to the config etc., but they allow
connection to public WiFi and even include a utility to make accessing
public hot spots easier.  This clearly illustrates the idiocy of the
current root password for WiFi on openSUSE.  Whoever dreamed up that one
has clearly never worked in the real world, where employees are given a
notebook to use elsewhere and expected to do so.  Nor must they have
kids with notebooks.  As far as I'm concerned, such a decision should be
a "firing offence".  It is just flat out wrong, without any
justification.  By all means make it an option, configurable by root,
but never, *EVER* mandatory, the way it is now.  The way it is now, it
simply defeats the point of wireless, when used on a corporate computer.

If there was ever a bad decision, this is it.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Roger Oberholtzer
On Wed, 2012-02-29 at 14:56 -0500, James Knott wrote:


Add to that limiting network broadcasts to root. Lots of software uses
this method to locate devices. For us this includes GigE Vision cameras,
network lasers, and a host of measurement transducers. Being root for
this has been a real PITA.

--

Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
[hidden email]
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Kim Leyendecker-3
In reply to this post by James Knott
On 29.02.2012 20:56, James Knott wrote:

> Larry Stotler wrote:
>> As many are aware, Linus Torvalds has started a rant about the
>> security policies in openSUSE for things that require the root
>> password.  From his Google+
>> post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5),
>> he names these:
>>
>> Time Zone changes
>> Adding a Printer
>> Adding a wireless network.
>
> Those things should be set as a policy.  Some companies like to lock
> down systems, where users can't chose anything, but they should not be
> mandatory, as appears to be the case.  Certainly WiFi should be done
> by uses, unless a company wants to send a tech along with employees to
> hotels, coffee shops etc.  There was a lot of discussion on this list
> a while ago and the general concensus was that requiring root for WiFi
> has to be one of the most idiotic decisions ever.  As Linus mentioned,
> he doesn't want to have to follow his kids around, just so they can
> use WiFi.  By comparison, I'm currently working on a project for a
> large insurance company and they provided me with a notebook computer
> for use while connected to their network.  Everything is locked down,
> so that I can't add anything or make changes to the config etc., but
> they allow connection to public WiFi and even include a utility to
> make accessing public hot spots easier.  This clearly illustrates the
> idiocy of the current root password for WiFi on openSUSE.  Whoever
> dreamed up that one has clearly never worked in the real world, where
> employees are given a notebook to use elsewhere and expected to do
> so.  Nor must they have kids with notebooks.  As far as I'm concerned,
> such a decision should be a "firing offence".  It is just flat out
> wrong, without any justification.  By all means make it an option,
> configurable by root, but never, *EVER* mandatory, the way it is now.
> The way it is now, it simply defeats the point of wireless, when used
> on a corporate computer.
>
> If there was ever a bad decision, this is it.
>
>


Then I'd go with creating a request on openFATE or discuss it on factory
(afaik it is already). On the other hand, I've seen three threads about
this issue so far, just wondering, would this also get so much attention
if I would rant about this instead of Linus?


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

jdd@dodin.org
In reply to this post by Larry Stotler
Le 29/02/2012 20:40, Larry Stotler a écrit :
> As many are aware, Linus Torvalds has started a rant about the
> security policies

what about give sudo rights to his daugther?

jdd

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

jdd@dodin.org
In reply to this post by Larry Stotler
Le 29/02/2012 20:40, Larry Stotler a écrit :

> Adding a Printer
>
the printer case can become a problem. Do you know many present
printers (including extremely cheap one) have internet access? it's
even possible to print at home from a remote location.

security nightmare

jdd

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

James Knott
In reply to this post by Kim Leyendecker-3
Kim Leyendecker wrote:
> Then I'd go with creating a request on openFATE or discuss it on factory
> (afaik it is already). On the other hand, I've seen three threads about
> this issue so far, just wondering, would this also get so much attention
> if I would rant about this instead of Linus?

I was aware of this issue before I read his comments.  I have provided
computer support in the corporate world and cannot imagine why anyone
would decide requiring root password for WiFi was a good idea.  In the
corporate world, users do not generally get the root or admin password.  
This means they cannot take their notebook computer from work and use
WiFi anywhere else, if that password is required.  In the past couple of
months, I have stayed at three hotels and used the hotel WiFi.  If I
needed admin password (the computer I was given runs Windows) to connect
to the hotel's WiFi, I could not have had Internet access, which I
required to do my work.  This clearly illustrates why root password must
not be mandatory.  Make it optional if needed, but never manadatory.  As
for adding printers, how many people bring their work computers home and
connect to their own printers?  Again, with this insurance company
project, I am expected to go to a site and connect to the local
printer.  How can I do that without the root (admin) password?  I might
allow time zone, as that can affect file access times, which can become
a security issue.  However, since Linux uses UTC (GMT) for file times,
this issue only affects what the user sees on the computer and nothing else.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Jim Henderson-4
In reply to this post by Larry Stotler
On Wed, 29 Feb 2012 14:40:13 -0500, Larry Stotler wrote:

> As many are aware, Linus Torvalds has started a rant about the security
> policies in openSUSE for things that require the root password.  From
> his Google+
> post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5),
> he names these:
>
> Time Zone changes Adding a Printer Adding a wireless network.
>
> Now, I don't usually see the wireless issue because KNetworkmanager in
> KDE3(which I use) has never asked the root password for adding a new
> network.
>
> While at 37, I've never changed timezones(I lead a boring life) I would
> have to agree that having to use the root password for this would be
> annoying if I needed to change it because of a flight or something.
>
> I've worked with Linus on a hardware issue years ago, and I think we
> should probably at least consider reviewing the policies if they do need
> changed.
>
> Just my 2 cents.

I would tend to agree, but at the same time, security is always a
tradeoff between convenience and security.

The underlying issue seems to me to be twofold:

1.  The default policies are thought, by some, to be too restrictive.

2.  PolicyKit (which seems to be what enforces these sorts of things)
doesn't appear to me to be very well documented, nor is there a good tool
for modifying the policy should one wish to go with a less restrictive
setup.

It seems like what might be reasonable here is to (a) better document
PolicyKit, (b) provide a tool for managing the policies, and (c) provide
different security profiles at installation time that let the user decide
at that point how they want to balance security and convenience.

We need to make this discussion less about Linus' comments (poorly
stated, but valid observations) and more about how we balance the
security policy/policies.

But I also understand there is a discussion going on about this on the
opensuse-security list - it may well be redundant to have a discussion
here on the -user list as well.

Jim

--
 Jim Henderson
 Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Robert Schweikert-6
In reply to this post by jdd@dodin.org


On 02/29/2012 03:13 PM, jdd wrote:
> Le 29/02/2012 20:40, Larry Stotler a écrit :
>> As many are aware, Linus Torvalds has started a rant about the
>> security policies
>
> what about give sudo rights to his daugther?

That was one of the suggestions in the google+ comments.



--
Robert Schweikert                           MAY THE SOURCE BE WITH YOU
SUSE-IBM Software Integration Center                   LINUX
Tech Lead
[hidden email]
[hidden email]
781-464-8147

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

James Knott
In reply to this post by jdd@dodin.org
jdd wrote:
> the printer case can become a problem. Do you know many present
> printers (including extremely cheap one) have internet access? it's
> even possible to print at home from a remote location.
>
> security nightmare

Security nightmare vs being able to do one's work.  As I mentioned in
another note, I am expected to go to various sites and use the local
printer.  A bit hard to do if I require root or admin password to do
it.  Many others take their computers home and use their own printers
and WiFi.  Should they tell their boss "Sorry I can't use my computer,
because I need a password to use a printer and WiFi"?

By all means, make it an option that's even turned on by default, but
allow root to set it to what's required.



--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Roger Oberholtzer
In reply to this post by Robert Schweikert-6
On Wed, 2012-02-29 at 15:22 -0500, Robert Schweikert wrote:
>
> On 02/29/2012 03:13 PM, jdd wrote:
> > Le 29/02/2012 20:40, Larry Stotler a écrit :
> >> As many are aware, Linus Torvalds has started a rant about the
> >> security policies
> >
> > what about give sudo rights to his daugther?
>
> That was one of the suggestions in the google+ comments.

sudo has the huge disadvantage that it opens up too much. The app can do
anything root can, when perhaps it is a limited thing you want to allow.

I think the issue is fine-grained permissions.


--

Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
[hidden email]
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Patrick Shanahan-2
* Roger Oberholtzer <[hidden email]> [02-29-12 15:28]:

> On Wed, 2012-02-29 at 15:22 -0500, Robert Schweikert wrote:
> >
> > On 02/29/2012 03:13 PM, jdd wrote:
> > > Le 29/02/2012 20:40, Larry Stotler a écrit :
> > >> As many are aware, Linus Torvalds has started a rant about the
> > >> security policies
> > >
> > > what about give sudo rights to his daugther?
> >
> > That was one of the suggestions in the google+ comments.
>
> sudo has the huge disadvantage that it opens up too much. The app can do
> anything root can, when perhaps it is a limited thing you want to allow.

No, sudo can only do that which root has allowed exceptions for sudo-user
within /etc/sudoers.  It can be very specific or widely general.
Exceptions *can* be set for controlling the printer, installing software,
connecting to wireless/wired access points, ..............

--
(paka)Patrick Shanahan       Plainfield, Indiana, USA      HOG # US1244711
http://wahoo.no-ip.org        Photo Album: http://wahoo.no-ip.org/gallery2
http://en.opensuse.org                           openSUSE Community Member
Registered Linux User #207535                    @ http://linuxcounter.net
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Carlos E. R.-2
In reply to this post by James Knott
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2012-02-29 20:56, James Knott wrote:

>> he names these:
>>
>> Time Zone changes

You can change the timezone as user via CLI.


> Certainly WiFi should be done by
> uses, unless a company wants to send a tech along with employees to hotels,
> coffee shops etc.

I worked for a company where wifi was strictly forbidden (they also
employed antitempest windows).

The issue was that wep encryption was weak. Now there is stronger
encryption, but I don't see them allowing their employees to freely connect
anywhere with the risk of choosing a nonencripted AP.

- --
Cheers / Saludos,

                Carlos E. R.
                (from 11.4 x86_64 "Celadon" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk9OkvkACgkQIvFNjefEBxq0uQCeNmK+b9WI7fnDZnUsE2RIc8bq
26oAn34PRLrXGY//YbjZ+4NNDVNE/C39
=dzbf
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Carlos E. R.-2
In reply to this post by James Knott
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2012-02-29 21:20, James Knott wrote:
> I might allow time zone, as that can affect file access times, which can
> become a security issue.

Not in Linux, it is not an issue. And you can choose the timezone in the
CLI as plain user, no problem.

- --
Cheers / Saludos,

                Carlos E. R.
                (from 11.4 x86_64 "Celadon" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk9Ok20ACgkQIvFNjefEBxoKyACeI+KRiq27WogUehV3hYh7xs6M
nEcAoLIlSaCpYZwxqbuomYAs7YKDWURS
=+6Vr
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Carlos E. R.-2
In reply to this post by Patrick Shanahan-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2012-02-29 21:34, Patrick Shanahan wrote:
> * Roger Oberholtzer <[hidden email]> [02-29-12 15:28]:

> No, sudo can only do that which root has allowed exceptions for sudo-user
> within /etc/sudoers.  It can be very specific or widely general.
> Exceptions *can* be set for controlling the printer, installing software,
> connecting to wireless/wired access points, ..............

True enough - but it is not simple, and impractical for a GUI.

- --
Cheers / Saludos,

                Carlos E. R.
                (from 11.4 x86_64 "Celadon" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk9OlCAACgkQIvFNjefEBxrSMgCfWPgVuftW/HTlDqxhTtUkccq4
y70An0flQbgO7fGJ+Uqt7OjhABwbDoI+
=jTaH
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Marcus Meissner
In reply to this post by Larry Stotler
On Wed, Feb 29, 2012 at 02:40:13PM -0500, Larry Stotler wrote:

> As many are aware, Linus Torvalds has started a rant about the
> security policies in openSUSE for things that require the root
> password.  From his Google+
> post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5),
> he names these:
>
> Time Zone changes
> Adding a Printer
> Adding a wireless network.
>
> Now, I don't usually see the wireless issue because KNetworkmanager in
> KDE3(which I use) has never asked the root password for adding a new
> network.
>
> While at 37, I've never changed timezones(I lead a boring life) I
> would have to agree that having to use the root password for this
> would be annoying if I needed to change it because of a flight or
> something.
>
> I've worked with Linus on a hardware issue years ago, and I think we
> should probably at least consider reviewing the policies if they do
> need changed.

He should stop asking us to commit suicide first.

Ciao, Marcus
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Marcus Meissner
In reply to this post by Larry Stotler
On Wed, Feb 29, 2012 at 02:40:13PM -0500, Larry Stotler wrote:

> As many are aware, Linus Torvalds has started a rant about the
> security policies in openSUSE for things that require the root
> password.  From his Google+
> post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5),
> he names these:
>
> Time Zone changes
> Adding a Printer
> Adding a wireless network.
>
> Now, I don't usually see the wireless issue because KNetworkmanager in
> KDE3(which I use) has never asked the root password for adding a new
> network.
>
> While at 37, I've never changed timezones(I lead a boring life) I
> would have to agree that having to use the root password for this
> would be annoying if I needed to change it because of a flight or
> something.
>
> I've worked with Linus on a hardware issue years ago, and I think we
> should probably at least consider reviewing the policies if they do
> need changed.

Hi,

Let me address in the points

- timezone changes he complains about

  GNOME 3 uses just 1 root service for both timezone and actual UNIX time changes.
  If it were split, we could allow timezone for users and only allow unix time for root.

  (There are split DBUS services already, just GNOME 3 uses yet another new one.)

  => It is a GNOME issue really.


- adding a printer

  As it is already:
  * Adding a known USB printer : No popup, no query ... the printer will just start to work.

  * Adding a Network printer: depending on the computers "networked
    printer browsing" setup, will just work without interaction.

  * Adding a new not yet known printer: Difficult.

    If you even need a PPD file to set it up, or an external driver, allowing
    this is the equivalent of giving out root access.


  => Setting up printers is a hard task, and root privilege escalation is usually easy when
     you are allowed to do it.


  (I would also like to see it done on Windows 7 without Admin Password.)

- NetworkManager

  12.1 shipped with 0.9 NetworkManager which was very fresh off the press.

  Before 0.9 all WLAN connections were "user" based connections and did not change
  the system.


  0.9 features now "system" and "user" based connections.

  The default is "system" connections, it was not even possible to select the "user" option.
  A "system" connection is too deep and should only be configurable by root in our eyes.

  Sadly, the UI frontends did not offer the selection to select "user" profiles, so it
  was necessary.

  Ludwig did quite some work on making the default more sane and it works now at Linus
  acceptance level I think.

  => NetworkManager and NM UI tools design issues make a secure and usable default hard.


For all of those exists bugzilla entries.

All of those need less help on the security side, but way more help on
the implementation and design side in the User Interfaces, especially NetworkManager.

Ciao, Marcus
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

James Knott
In reply to this post by Carlos E. R.-2
Carlos E. R. wrote:
>> Certainly WiFi should be done by
>> >  uses, unless a company wants to send a tech along with employees to hotels,
>> >  coffee shops etc.
> I worked for a company where wifi was strictly forbidden (they also
> employed antitempest windows).
>
> The issue was that wep encryption was weak. Now there is stronger
> encryption, but I don't see them allowing their employees to freely connect
> anywhere with the risk of choosing a nonencripted AP.

As I mentioned, the root or admin should be allowed to decide whether to
allow it or not.  As far as I can see, there's no practical way to
change it.  Also, if they don't want WiFi, the most secure way is to
remove the drivers.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

Marcus Meissner
In reply to this post by James Knott
On Wed, Feb 29, 2012 at 03:25:43PM -0500, James Knott wrote:

> jdd wrote:
> >the printer case can become a problem. Do you know many present
> >printers (including extremely cheap one) have internet access? it's
> >even possible to print at home from a remote location.
> >
> >security nightmare
>
> Security nightmare vs being able to do one's work.  As I mentioned in
> another note, I am expected to go to various sites and use the local
> printer.  A bit hard to do if I require root or admin password to do
> it.  Many others take their computers home and use their own printers
> and WiFi.  Should they tell their boss "Sorry I can't use my computer,
> because I need a password to use a printer and WiFi"?
>
> By all means, make it an option that's even turned on by default, but
> allow root to set it to what's required.

read my email.

Ciao, Marcus
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Should openSUSE review it's Security Policies?

John Andersen-2
In reply to this post by Marcus Meissner
On 2/29/2012 1:14 PM, Marcus Meissner wrote:

> On Wed, Feb 29, 2012 at 02:40:13PM -0500, Larry Stotler wrote:
>> As many are aware, Linus Torvalds has started a rant about the
>> security policies in openSUSE for things that require the root
>> password.  From his Google+
>> post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5),
>> he names these:
>>
>> Time Zone changes
>> Adding a Printer
>> Adding a wireless network.
>>
>> Now, I don't usually see the wireless issue because KNetworkmanager in
>> KDE3(which I use) has never asked the root password for adding a new
>> network.
>>
>> While at 37, I've never changed timezones(I lead a boring life) I
>> would have to agree that having to use the root password for this
>> would be annoying if I needed to change it because of a flight or
>> something.
>>
>> I've worked with Linus on a hardware issue years ago, and I think we
>> should probably at least consider reviewing the policies if they do
>> need changed.
>
> He should stop asking us to commit suicide first.
>
> Ciao, Marcus

I think the entire point here is that the multi-user security model is not a good
fit for a single user device like a laptop.

For single user devices, permissions should really focus on preventing
the user from destroying the system or letting it be compromised by others, but in
other ways, allow them to do typical administrative tasks like add printers, wifi
networks, removable storage, etc.

I don't think you can dismiss Torvalds with a one-liner and come off looking
anything but petty.


--
_____________________________________
---This space for rent---
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

1234 ... 11