Am Mi, den 07.01.2004 schrieb Rui Miguel Seabra um 12:43: > On Wed, 2004-01-07 at 11:39, Andy Green wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On Wednesday 07 January 2004 11:12, Rui Miguel Seabra wrote: > > > > > I hope Fedora News stops instructing newbies to use root for anything > > > (including making RPMS from software obtained without any checks). > > > > > > If people start getting used to do it, pretty soon now we'll have > > > viruses. No, seriously. > > > > This is the tip of an iceberg. For example, how many binary RPMs have we > > installed on our machines, signed or unsigned? Its possible that the > > signer's machines were compromised, or upstream sources attacked and then the > > results signed... and we have to install RPMs as root, so the scripts inside > > them run as root... for unsigned RPMs you are forced to trust the packager's > > good faith. > > Of course, but Fedora News is giving very dangerous instructions that > should never be given (and they really don't need to be given since > there are safer ways to do it). > > With root you have no luck if configure has something like: > install & execute virus > > or rm -fr /, or mke2fs /dev/hda etc.... > > That's is some seriously bad advice. > > Rui Full acknowledge Rui Miguel! It has always been one of the big advantanges of UNIX systems that for certain tasks it was neccessary to have root permissions and always only to use them for these tasks, like main system setups. What it means if a user is always working with full permissions we do see facing all these compromised Windows PCs, threatened by viruses, worms, dialers, registry hacking tools, advertising nags integrating to the internet explorer, ... That did not even became better with Windows NT, 2000 nor XP as all the folks always login as Administrator. So any beginner - either using Fedora or any other distribution - should learn as one of the first steps, that root account is only an administrative account and that he should do as much things he can do as normal, unpriviledged user. For instance building RPMS from SRPMS or just compiling from source is one tasks anyone can do without being root. Good howtos always advice users to do so, like http://freshrpms.net/docs/fight/. Just my 2¢. Alexander -- Alexander Dalloz | Enger, Germany PGP key valid: made 13.07.1999 PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
