Gentoo Archives: gentoo-security

From: Heikki Levanto <heikki@×××.dk>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 14:09:33
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by Michael Reilly
On Tue, Dec 16, 2003 at 11:43:10AM -0800, Michael Reilly wrote:
> Depends on how you view security and where you want to put your security.
Indeed! It also depends on the type of installation you are thinking about. On the sysadmins own workstation, having more powerful tools available is a blessing. On a shared machine with untrustworthy users, it is a curse. On a single-luser machine it depends: Locking the more dangerous commands away helps to avoid mistakes, whereas adding disturbances to the everyday use makes more (l)users do everything as root, negating the whole purpose. I am fairly new to Gentoo, and do not know what assumptions the security policy is based on. Personally I would prefer a choice on how to set up my systems, but I understand that too many choices invite too many users to choose wrong... Perhaps some system of alternative security defaults - assuming that someone can take the time to set them up? Another day of complex questions and no simple answers... Best regards Heikki -- Heikki Levanto LSD - Levanto Software Development <heikki@×××.dk> -- gentoo-security@g.o mailing list