[CentOS] Orwell's 1984 from Freedesktop,org?

Fri Jan 23 19:35:40 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Fri, January 23, 2015 5:37 am, Scott Robbins wrote:
> On Thu, Jan 22, 2015 at 09:30:03PM -0600, Valeri Galtsev wrote:
>> On Thu, January 22, 2015 9:05 pm, Always Learning wrote:
>> >
>> > On Thu, 2015-01-22 at 21:19 -0500, Bill Maltby (C4B) wrote:
>> >
>> >> I object to this sort of crap. Hidden, no reason for an *IX desktop
>> to
>> >> be forced to ignore or deal with this crap.
>> >>
>> >>
>> >> https://www.dropbox.com/s/b2p2ki7t2rwi5ot/FreeDeskTop_Org_Orwell_1984.png?dl=0
>> >>
>> >
>> > What is going-on ?  It really looks Windozed !  Looking at it makes me
>> > feel ill.
>> >
>> Just out of curiosity: how do you guys look at it? This asks me for
>> password... In general it is good idea to place something into open URL
> Originally, packagekit, which is a GUI package manager, wanted to allow
> all
> users to install anything without a password.  When a bug report was
> filed,
> the developer mentioned that they didn't care how Unix had done things in
> the past.  This made the front page of slashdot, to almost universal
> derision, and RH changed it. In Fedora, I believe it still allows any user
> to update an installed signed package without asking for authentication.
> They tried to do that in RH as well, but a bug report was filed, and it
> was
> changed.
> In my less than humble opinion, this is how it should be.  A
> non-privileged
> user should not be allowed to make changes to the system.

I would second that (or third, or hundredth...). I hate Adobe for putting
SUID-ed "plugin-config", thus enabling regular user write where only root
can. This crap triggers my system integrity alarms. I always have to
remove SUID bit then set immutable bit so the crap doesn't resurrect with
their update. In the same list of bad guys comes google with its chrome
browser, that drops in daily cron job. Which I have to remove and put
placeholder (with immutable bit set), so it doesn't resurrect... Other
people have their too lists I bet.

As a matter of fact I tend to not use GUI admin tools since long ago. Even
on machines I sit in front of as a regular user. I prefer to grab root
shell for that. This is, BTW why I prefer plain ASCII text human readable
config files, and hate the move towards GUI only based administration. One
single case is different for me: I do prefer 3ware web RAID admin
interface anything else (it more transparently prevents me from making
fatal blunders - probably just me).

And yes, disabling root user and having sudo instead is on my evil list
too: yet another SUID-ed binary, and potential holes due to some garbage
in config file... BTW, su (with the same password for root as regular user
has), and attempt to use sudo are the fist two things bad guys try when
they log in with stolen password of regular user (after a compromise of
machine elsewhere).


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247