> that program is under a sandbox that never include more than the
combined power of the user and sandbox of that package.
So you would be only securing the system, not what user has? (user doesn't
care about "system", they care about their own data, the data to which
they have access)
> And people frequently see packages floating on the web, and many claims
to do useful things that they want to do. And in most cases these claims
turn out to be true. To the point that most people will trust that the
thing they found will be among them, except they might be wrong.
And currently Ubuntu is educating users with its sudo system that whenever
anything popups up a "password" dialog, you're supposed give it your own
password. And with that password the programs are able to do the same
things as root (with sudo). Secure, yeah...
Security by obscurity... "our system is more secure because it doesn't
have a well known root account name"... (It could be more secure if Ubuntu
would educate people to create a completely separate account for
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds