[DLSLUG-Discuss] Interesting security piece
e-mail addresses are not shown in archives
Fri Dec 16 08:03:52 EST 2005
On Thu, 2005-12-15 at 23:42 -0800, Roger wrote:
> I didn't want to say this in my first book review (these points sound a bit dogmatic and
> controversial), but that is why Leo Laporte and Robin Miller are promoting Linux (especially their
> distro: Simply MEMPIS).
> These authors argue that if a few more Windows users become Linux users, then malware authors
> would need to write for Linux as well as Windows in order to stay effective. For hobbyist such as
> me, that's okay. I bet that's a tough sell in the corporate world. Try advocating that to
> overworked and unbudgeted IT departments. They don't want variety; they want simplicity.
> Some Linux advocates would also argue that malware authors would need to contend with Linux where
> MOST applications are designed to work reasonably well w/o admin or root access. That minimizes
> the threat that bugs in Konqueror or bash would pose if those programs don't run as root.
> (I confess, I'm kinda fond of the Windows XP "system restore" feature. I kinda wish that Fedora
> had a similar feature that I could use before and after I do something important as "root". That
> way if I misconfigure my system, I could reverse the process w/o reinstalling Fedora.
The components are very modular so RPM should be able to get you back
where you started, though I have trouble doing downgrades with RPM. A
reinstall should not be necessary.
Use subversion (or CVS) to take snapshots of etc. Just double check the
permissions on the files in the snapshot. You do not want a world
readable copy of shadow or your private encryption keys in the snapshot.
I run subversion as a nightly cron job to capture the etc tree changes.
> I guess the
> RPM uninstall feature is okay and I can't expect Linus, GNU, and RedHat to protect me against
> MYSELF. I guess I just need to read the man pages carefully and backup all important documents
> including config files. lol...)
> --- Python <[e-mail addresses are not shown in archives]> wrote:
> > http://www.usenix.org/publications/login/2005-12/openpdfs/geer.pdf
> > It was mentioned in Bruce Schneier's monthly newsletter.
> > --
> > Lloyd Kvam
> > Venix Corp
> > _______________________________________________
> > DLSLUG-Discuss mailing list
> > [e-mail addresses are not shown in archives]
> > http://dlslug.org/mailman/listinfo/dlslug-discuss
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> DLSLUG-Discuss mailing list
> [e-mail addresses are not shown in archives]
1 Court Street, Suite 378
Lebanon, NH 03766-1358
More information about the DLSLUG-Discuss