Complexity eats kittens alive!!!
Complexity eats kittens alive!!!
Posted Nov 24, 2009 15:53 UTC (Tue) by dskoll (subscriber, #1630)In reply to: Complexity eats kittens alive!!! by AdamW
Parent article: Fedora 12 to remove unprivileged package installation
don't you see how that level of granularity might be just a _tad_ welcome to your average admin?
No, not really. Explain what the difference between "a device" and "a system-internal device" is. What, exactly, are you allowed to do if you are allowed to "Modify a device"? What does "Cancel a job initiated by another user" mean? Kill someone's process? Stop an "at" or "cron" job?
We see here creeping Microsoftisms. Vaguely-defined actions (described in dumbed-down, imprecise language) that are supposedly security-critical, so the average admin is completely confused as to what he or she should allow. This is a real step backwards.
Posted Nov 24, 2009 20:48 UTC (Tue)
by nix (subscriber, #2304)
[Link] (1 responses)
What a 'job' is, I have no idea. I agree, there should be a
Posted Nov 24, 2009 21:10 UTC (Tue)
by dskoll (subscriber, #1630)
[Link]
The distinction between 'device' and 'system-internal device' is clear
enough: the latter should really be 'external device'. It's not clear to me. What if I have a hot-swappable SCSI disk? Is that internal or external? How about if my root file system is on an external USB device? (Don't laugh... I run my EEEPC that way.) Some of the categories listed don't look useful to me. In fact, they look dangerous exactly because they are imprecise. If complexity is the enemy of security, then imprecision is the nuclear weapon.
Complexity eats kittens alive!!!
enough: the latter should really be 'external device'. Basically the
latter is internal disks and the former is USB stuff and things like that.
maximally-precise version of the descriptions.
Complexity eats kittens alive!!!