Snow Leopard Security (unwanted snooping)->Thanks!
in [Mac Systems]
|
Prev: Print to pdf broken ?
Next: network utility
From: Darrell Greenwood on 7 Apr 2010 23:57 In article <81rulbFjprU1(a)mid.individual.net>, Jeffrey Goldberg <nobody(a)goldmark.org> wrote: > I sort of take a compromise position. I am a regular users, but I've > added my username to /etc/sudoers I changed to using a regular user some time ago to see if I could stand the extra hassle. I had been pondering putting my username in sudoers, especially when I forget and the system growls at me "you are not in sudoers, this will be reported" and sends off an email to me. Upon reading you had, I now have added my username to sudoers. Works nicely. Thank you for incentive to finally do it. Now the question, I have been pondering what additional security I get over just switching back to admin user permanently. I haven't figured it out. Any comments? Cheers, Darrell -- To reply, substitute .net for .invalid in address, i.e., darrell.usenet7 (at) �telus.net
From: Warren Oates on 8 Apr 2010 07:45 In article <070420102057324783%darrell.usenet7(a)telus.invalid>, Darrell Greenwood <darrell.usenet7(a)telus.invalid> wrote: > Now the question, I have been pondering what additional security I get > over just switching back to admin user permanently. I haven't figured > it out. Any comments? We run both our Macs as administrators full-time, and we've never had "security issues." The oul' Woman loses files that she has permission to lose anyway, and so do I sometimes. -- Very old woody beets will never cook tender. -- Fannie Farmer
From: Doug Anderson on 8 Apr 2010 10:06 Darrell Greenwood <darrell.usenet7(a)telus.invalid> writes: > In article <81rulbFjprU1(a)mid.individual.net>, Jeffrey Goldberg > <nobody(a)goldmark.org> wrote: > > > I sort of take a compromise position. I am a regular users, but I've > > added my username to /etc/sudoers > > I changed to using a regular user some time ago to see if I could stand > the extra hassle. I had been pondering putting my username in sudoers, > especially when I forget and the system growls at me "you are not in > sudoers, this will be reported" and sends off an email to me. > > Upon reading you had, I now have added my username to sudoers. Works > nicely. Thank you for incentive to finally do it. > > Now the question, I have been pondering what additional security I get > over just switching back to admin user permanently. I haven't figured > it out. Any comments? I'd say there were two things. 1) Don't do anything stupid. and 2) Since 1) is basically useless advice, make sure you have a robust backup system for when you _do_ do something stupid (or when your hard drive dies, etc.)
From: Jeffrey Goldberg on 8 Apr 2010 13:47 Darrell Greenwood wrote: > Now the question, I have been pondering what additional security I > get [from not being an admin user but being in sudoers] over just > switching back to admin user permanently. I haven't figured it out. > Any comments? If you are an admin user you (or programs running as you) can make changes in places like /Applications without you having to authenticate. But if you are a regular user (even one in sudoers) anything you do to parts of the system that aren't owned by you requires authentication. If there were some browser exploit or the like that could silently run arbitrary code, you would be prompted to authenticate if that arbitrary code tried to do things outside your part of the system. -j -- Jeffrey Goldberg http://goldmark.org/jeff/ I rarely read HTML or poorly quoting posts Reply-To address is valid
From: Jeffrey Goldberg on 8 Apr 2010 14:04
Warren Oates wrote: > We run both our Macs as administrators full-time, and we've never had > "security issues." As with making back-ups the idea is to close the barn door before the cows wander off. Everyone will have to judge for themselves whether the inconvenience of the extra authentication is worth the potential security gain. A scenario in which my security practices would pay off is if when you are browsing you hit a web page that exploits a bug in your browser that allows for "arbitrary code execution". If that "arbitrary code" tries to mess with the system (things other than your files and preferences) you would be prompted to authenticate. But if you were running as an admin user it could make serious changes to the system. To my knowledge that have not been anything other than proof-of-concept exploits of this nature against OS X users. But the vulnerabilities do exist. Look at the notes on the latest security update as part of 10.6.3. http://support.apple.com/kb/HT4077 Every time you see the words "arbitrary code execution" in an "Impact" statement means that there has been a vulnerability of this nature Whether it is in Safari or QuickTime. This last security update was a huge one. It is not typical to have as many as these (I stopped counting at a dozen). Vulnerabilities exist, and they get patched, and new ones get discovered. The question is whether they get exploited by the bad guys before they get patched by the good guys. Oh, and for everyone who hasn't moved from 10.6.2 to 10.6.3, please do so. There are a boatload of serious security fixes. > The oul' Woman loses files that she has permission to > lose anyway, and so do I sometimes. And this is what backups are for. People who haven't lost important files yet should still keep backups even though "they've never had a problem." Cheers, -j -- Jeffrey Goldberg http://goldmark.org/jeff/ I rarely read HTML or poorly quoting posts Reply-To address is valid |