| |||||||||||||
Exploring options for the openSUSE security policyExploring options for the openSUSE security policyPosted May 25, 2012 12:42 UTC (Fri) by dps (subscriber, #5725)Parent article: Exploring options for the openSUSE security policy
It is actually possible to install almost anything without root access, including fonts. If it want to use apt-get, rpm or similar technology then you can't do that (at least not most of the time).
You don't need root access even if you are installing programs like wireshark, scsi_id, etc. You might need root privileges to actually *use* some of these programs because they use features which are too dangerous to be given to ordinary mortals.
(Log in to post comments)
Exploring options for the openSUSE security policy Posted May 25, 2012 15:17 UTC (Fri) by nybble41 (subscriber, #55106) [Link]
> You don't need root access even if you are installing programs like wireshark, scsi_id, etc. You might need root privileges to actually *use* some of these programs because they use features which are too dangerous to be given to ordinary mortals.
It's still a really good idea to install them as root, however, since the alternative is running programs as root which are writable a non-root user, which is a major security hole. Even if that non-root user is just you, it opens up the possibility of a local privilege escalation by malware running in your unprivileged account.
Exploring options for the openSUSE security policy Posted May 30, 2012 14:34 UTC (Wed) by job (guest, #670) [Link]
For a truly personal computer however, there is no such thing as privilege escalation. All the stuff I care about are accessible from my account. There is nothing useful to an attacker outside my account.
The security model for this use case is clearly very different from a server with several daemons running, or even remotely logged in users.
|
|||||||||||||