|
|
On Tue, 11 Nov 2008 17:09:27 -0800, Darren New wrote:
> Jim Henderson wrote:
>> A proper sudo configuration. Which arguably I don't have. ;-)
>
> What would be a proper sudo configuration? What would you have it do,
> other than (say) require the human to check sudo failure logs regularly
> or something?
Not use the NOPASSWD keyword, primarily. On a critical system, I
wouldn't allow that in the file at all. That would prevent a trojan such
as you describe from successfully using sudo to act as root.
On such a system, I'd also do other things, too, like require public key
authentication via SSH and disable root's remote access via SSH.
>> It's good to know they've fixed a few things, should I ever have a need
>> to go back. :-)
>
> Yes. Almost all (but certainly not all) of the complaining I've seen was
> either about beta versions of the stuff, or just plain wrong (such as
> complaining "they should have left an advanced way to do X" when they
> already did, and the review just wasn't advanced enough to find it).
>
> I must admit, this is the first time Windows has "improved" that I've
> immediately liked the new version better than the old, just in terms of
> look and functionality and such. Altho it does seem to be even more
> dumbed down, lacking (for example) progress bars for many things you'd
> think would have progress bars. And omitting useful functionality (like
> backups? Come on...) unless you pay for the full packages and more.
>
> Mine worked much better once I scraped all the proprietary ad-ware off
> the thing, and put on only the device drivers it didn't already have
> signed copies of from Microsoft.
>
> Of course, I haven't used it for real work yet, so maybe it's a lot
> flakier. But as a concept, it works for me. :-)
Whereas for me, I used it for about 15 minutes and then rebooted the
machine into openSUSE 11.0 and left it there. Vista's still there, but
pretty much all of my apps are Linux-based now, so I don't have a need
for it, really.
Jim
Post a reply to this message
|
|