At 12:41 -0800, 09 Feb. 1998, Marilyn Davis <marilyn@deliberate.com> wrote:
> I'm never sure how to take sarcasm, even face to face, but I wouldn't
> lose confidence in the software because of *this*.
I would. To me, suggesting that software is run as root when there's no
need shows that there is either little concern for security or little
understanding of security, and makes me wonder what problems may be in
the code itself.
> The software author (me), who is admittedly obsessed with online
> democracy, believes that if you keep votes for your online community,
> it is the single biggest responsibility happening in your machine.
> This characteristic of the author is a good sign about the software.
>
> I feel safer running The Clerk (the underlying dataserver) as root
> because then only one password has access to the data files.
It may be the most important thing running on the machine, but that
doesn't mean it should be run as root. With it running as root, a bug
in the software may allow access to everything on the machine; after a
compromise you then need to reinstall everything before the machine can
be trusted again. If the program runs as a dedicated user (which could
be set up so that no password will allow access to the account), a hole
only allows access to the voting data, so the consequences of a break-in
are much smaller.
--
Aaron Schrab aaron@schrab.com http://www.execpc.com/~aarons/
A Linux machine! because a 486 is a terrible thing to waste!
-- Joe Sloan <jjs@wintermute.ucr.edu>
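
The alternative described in the reply above, a daemon that starts with root and then runs its service as a dedicated account, sketched as an added example; it is not part of the original message and not code from the software under discussion. The account name `nobody` stands in for a dedicated account, and `run_as_user`, `drop_privileges` and `probe_service` are hypothetical names.

```c
#define _DEFAULT_SOURCE 1   /* for setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define DROP_FAILED 125   /* child exit status when privileges could not be dropped */

/* Permanently switch to pw's uid/gid. Order matters: groups, then gid, then uid. */
static int drop_privileges(const struct passwd *pw)
{
    if (setgroups(0, NULL) != 0) return -1;      /* shed root's supplementary groups */
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;      /* as root this sets real, effective, saved */
    if (pw->pw_uid != 0 && setuid(0) == 0) return -1;   /* root must not be regainable */
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) return -1;
    return 0;
}

/* Fork, drop to `user` in the child, run service(). Returns the child's exit
 * status, or -1 if the account does not exist or fork/wait fails. */
int run_as_user(const char *user, int (*service)(void))
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges(pw) != 0) _exit(DROP_FAILED);   /* refuse to run privileged */
        _exit(service());
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Stand-in for the real service: returns 0 only if it is truly unprivileged. */
int probe_service(void)
{
    return (geteuid() != 0 && setuid(0) != 0) ? 0 : 1;
}

int main(void)
{
    int rc = run_as_user("nobody", probe_service);   /* assumed account name */
    printf("service exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Started without root, the child cannot change identity and exits with `DROP_FAILED` instead of running the service.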