[CentOS] Lost my menu options again - KDE messes with Gnome?
ryanag at zoominternet.net
Tue Oct 4 04:04:32 UTC 2005
On Monday 03 October 2005 09:48 pm, you wrote:
> > >Debian (and things like Ubuntu) have it right.
> > I disagree entirely. So long as the user is displayed a warning
> > indicating that its a bad idea to do so, I see nothing wrong with
> > allowing a user to control their own system.
> OK - it's your machine, your call
Allowing a user to shoot themselves in the foot is required if you assume that
the user base is knowledgeable enough to use their power wisely.
I think the concept is a lot like using weak passwords. They *should* be
permitted - and in some cases (for example - a headless machine with only SSH
access that is using host-key authentication) it might not even be a security
risk. The user should receive a very stern warning/disclaimer about their
actions before being allowed to set the simple password though.
>you may have already downloaded some malicious code in a web browser
>plugin, java applet or ??? that doesn't get executed until you fire up
>the root account and use a web browser. Just the first idea that comes
>to my mind...I'm not gonna spend a lot of time thinking about the what
In the case you present, the malicious code wouldn't run as it wouldn't have
been downloaded into the root account's profile for firefox or KDE.
Also, this same risk (if it is a risk at all) is present if I need to start
firefox as root from the commandline to add some search engines to the search
bar (this is a root-only task).
More information about the CentOS