LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Exploring options for the openSUSE security policy

Exploring options for the openSUSE security policy

Posted May 25, 2012 15:17 UTC (Fri) by nybble41 (subscriber, #55106)
In reply to: Exploring options for the openSUSE security policy by dps
Parent article: Exploring options for the openSUSE security policy

> You don't need root access even if you are installing programs like wireshark, scsi_id, etc. You might need root privileges to actually *use* some of these programs because they use features which are too dangerous to be given to ordinary mortals.

It's still a really good idea to install them as root, however, since the alternative is running programs as root which are writable a non-root user, which is a major security hole. Even if that non-root user is just you, it opens up the possibility of a local privilege escalation by malware running in your unprivileged account.

(Log in to post comments)

Exploring options for the openSUSE security policy

Posted May 30, 2012 14:34 UTC (Wed) by job (guest, #670) [Link]

For a truly personal computer however, there is no such thing as privilege escalation. All the stuff I care about are accessible from my account. There is nothing useful to an attacker outside my account.

The security model for this use case is clearly very different from a server with several daemons running, or even remotely logged in users.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds