On Tue, Nov 24, 2009 at 3:25 PM, Jack <span dir="ltr">&lt;<a href="mailto:quiet_celt@yahoo.com">quiet_celt@yahoo.com</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Wow! It&#39;s been a while since I even looked at RH. Thanks for the detailed<br>
breakdown. It actually sounds like a good thing the way you describe it.<br>
The thing that always bothers me about sudo is, once you give it a password, any application running under your userid can up it&#39;s privileges for some time to come, and also, any malicious program you accidentally run for several minutes after automatically can do any root thing it wants, because you&#39;ve already supplied the password (maybe, see next paragraph).<br>
</blockquote><div><br>Well, that&#39;s assuming your sudo setup is one allowing global root access.  In most multiuser environments sudo is much more restricted. <br></div><div><br>If sudo only allows you to restart Apache there&#39;s not much malware can do.<br>
 </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I&#39;ve read &quot;stories&quot; (BYO salt) on the web that talk about Linux machines getting infected by having run sudo shortly before &quot;accidentally on purpose&quot; running a Windows virus just to see if it would run, and then having it bork the machine. So sudo isn&#39;t all that much safer - and may be less so. I&#39;ve actually tested running Windows viruses on my machine, well in a vm on my machine. Some Windows viruses actually do run, and some can actually do damage if you have Wine that is. I have yet to see one break out of a VM.<br>
</blockquote><div><br>I think you&#39;re correct in taking those stories with a grain of salt.<br>  <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

Although, I&#39;ll reserve judgment until I see it in action. I&#39;d much prefer, to have to be asked for my password for either every install, or for every batch install. And especially for intsalliing anything, I didn&#39;t preselect or ok to add. Of course, this only keeps out the &quot;under the radar&quot; malware. Won&#39;t stop the &quot;You should install me, I&#39;m a kewl app!&quot; malware.<br>
</blockquote><div><br>This is clearly targeted at desktop environments and for newer users.  Also keep in mind that this only worked for SIGNED packages (with installed GPG keys) from known repositories.  In other words, core Fedora packages or other repositories explicitly enabled.  The chicken littles that were crowing about this didn&#39;t read the fine print.<br>
 <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
d) a distro that installs all you usually want, negating b) and c),<br>
</blockquote><div><br>This new feature was in direct opposition of that.  The goal was to allow a more lightweight distribution that adjusts as needed. <br><br>Jeffrey.<br></div></div><br clear="all"><br>-- <br><br>&quot;He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself.&quot; -- Thomas Paine<br>