Torvalds Calls OpenSUSE Security 'Too Intrusive'

← Back to Stories (view on slashdot.org)

Torvalds Calls OpenSUSE Security 'Too Intrusive'

Posted by Unknown on Wednesday February 29, 2012 @05:25AM from the permission-denied dept.

jfruh writes "The balance between security and ease of use is always a tricky one to strike, and Linux distros tend to err on the side of caution. But no less a luminary than Linus Torvalds thinks openSUSE has gone too far. When his kid needed to call from school for the root password just so he could add a printer to a laptop, that's when Linus decided things had gone off the rails."

23 of 311 comments (clear)

Min score:

Reason:

Sort:

Only root? by busyqth · 2012-02-29 05:27 · Score: 5, Funny

Bah! Back in the day we recompiled the kernel to add a printer!
AND WE LIKED IT THAT WAY!!
1. Re:Only root? by Toe,+The · 2012-02-29 05:36 · Score: 5, Funny
  
  You mean sneakernet? That's nothing.
  Back in the day, we had to manually place dots onto the paper using a handheld carbon-marking device.
  On the plus side, it did have an undo function built right into the final product.
2. Re:Only root? by Anonymous Coward · 2012-02-29 05:58 · Score: 4, Insightful
  
  I love these responses. "It's not broken, incapable software, you just have to buy a different printer. Noob."
3. Re:Only root? by busyqth · 2012-02-29 06:02 · Score: 5, Informative
  
  Back in the day postscript didn't exist.
  "lp0" stands for "Line Printer 0" -- you know, 132 columns, tractor feed, green-and-white-striped paper, massive clattering mechanical wheels spinning.
  Now GET OFF MY LAWN!
4. Re:Only root? by Anonymous Coward · 2012-02-29 06:03 · Score: 4, Insightful
  
  Only if your printer sucked. If you had a real printer you could just cat the postscript to whatever device it was connected to...
  And that's why the year of Linux on the desktop will always be next year.
5. Re:Only root? by jd · 2012-02-29 06:13 · Score: 4, Funny
  
  Papyrus? Pah! Youngsters! Back in my day, we had to find a granite boulder to carve the letters into. With a herring!
  
  --
  It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
6. Re:Only root? by jameskojiro · 2012-02-29 06:26 · Score: 4, Funny
  
  Pheromone Trails, are you kidding me, back in my day we used to have to encode chemical messages in our DNA over many generations before we could pass them on to our offspring.
  
  --
  Tsukasa: All I really want, is to be left alone...
7. Re:Only root? by busyqth · 2012-02-29 06:26 · Score: 4, Funny
  
  I still do that.
8. Re:Only root? by Grishnakh · 2012-02-29 07:39 · Score: 4, Informative
  
  There's some different issues here. Postscript (or PDF) printers are definitely superior to others, for good reason: they accept documents in a standardized format, and don't require special drivers. The only "drivers" needed are extremely simple, mainly to tell CUPS how many trays your printer has, and let you select the input and output trays, select duplexing, stuff like that.
  Drivers that don't accept Postscript (or at least some other de facto standard like HP's PCL) have to have special drivers to convert your PS/PDF file into something the printer can understand, which isn't just a document description language, but rather something more like machine code to tell the printer exactly how to move the print head around and spray ink--these cheapo printers don't have much in the way of processing power, and rely on the host to do the processing for it. This means you need a special driver (which doesn't necessarily mean kernel driver, usually these printer drivers just run in userspace), which of course has to be supplied by the manufacturer since they're the only ones who really know how the printer works inside. Everyone even semi-knowledgable about computers should know by now that relying on mfgrs to supply drivers for Linux is generally a losing proposition, so these el cheapo printers should be avoided at all costs.
  Setting up Linux to print to any decent office printer is usually a very simple affair: just find the printer, then select the manufacturer and model from the huge lists provided by CUPS, and off you go. Whether it's an HP LaserJet, a Ricoh, a Xerox, etc., it can print to any of these things. But a $30 piece of shit inkjet? Forget it. This has been the case for as long as $30 inkjets have been around, and hasn't changed, and it probably isn't going to change either, unless at some point in the future MS's near-monopoly collapses and Linux desktop systems start becoming popular (sort of like the way that many different phone makers sell their phones with different versions of Android on them, and these are doing quite well in the marketplace).
9. Re:Only root? by Barefoot+Monkey · 2012-02-29 07:47 · Score: 4, Funny
  
  Are the frozen herring red by any chance? I've been looking for one forever but can never quite seem to find it.
  Wild geese are known to hunt herrings of that colour. What you should do is look for a wild goose and follow it to see where it goes. That will surely be the best fishing spot for you.
10. Re:Only root? by Barefoot+Monkey · 2012-02-29 07:51 · Score: 4, Funny
  
  Postscript is an Apple conspiracy, designed to wear out electrons by sending too many of them through the printer cable.
  I think you meant Adobe.
  Adobe is an Apple conspiracy! Just look at the first and last letters. Do you think that is merely a coincidence?
11. Re:Only root? by Eil · 2012-02-29 08:42 · Score: 4, Insightful
  
  It's somehow the (free) operating system's fault because printer manufacturers design their hardware around yet another half-baked printing protocol instead of just using a standard that's been around for decades?
12. Re:Only root? by Anonymous Coward · 2012-02-29 08:50 · Score: 4, Interesting
  
  http://unix-tree.huihoo.org/V5/usr/sys/dmr/lp.c.html
Too much root is not a good thing by Toe,+The · 2012-02-29 05:30 · Score: 5, Insightful

I see this on Macs a lot. If you want to install anything, you have to type an administrator's password.
In theory, that's great. But in effect, you are giving that installer root access. So if I understand correctly, that installer could be putting any amount of spyware (or whatever) into your computer and nearly perfectly cover its tracks.
Otoh, many Mac apps are distributed as disk images, where you simply drag them from the image to your drive, and that's it. No password at all. If you're going to use pre-rolled software, that certainly seems more trustworthy. But of course, it is a lot more complicated of a process for the average user to be able to ever understand.
What an ass by MatthiasF · 2012-02-29 05:32 · Score: 5, Insightful

He could have just added the user to the sudo group and been done.

But no, he had to go harping on everyone on bug lists and social media rants to put people down, even suggesting whoever made the system should die.

What an ass.
1. Re:What an ass by Rhacman · 2012-02-29 05:43 · Score: 5, Informative
  
  If I understand correctly this in effect would be giving that user root priviledges. I think his complaint was that an ordinary task like adding a printer required that level of priviledge, not that it was inconvinient to do. It sounded like he wanted to administer his childs laptop without giving them free reign over it.
  
  --
  Account -> Discussions -> Disable Sigs
2. Re:What an ass by Hatta · 2012-02-29 05:44 · Score: 5, Insightful
  
  Why should he have to do that? Why isn't it sufficient to add the user to the 'lp' group? There's no reason that printing should require root access at all.
  
  --
  Give me Classic Slashdot or give me death!
3. Re:What an ass by OzPeter · 2012-02-29 05:50 · Score: 5, Insightful
  
  Why should he have to do that? Why isn't it sufficient to add the user to the 'lp' group? There's no reason that printing should require root access at all.
  Why does an administrator have to add anyone to anything in order to do a commonplace task on a machine that is really a commodity item?
  
  Not that I have read his rants but I get where he is coming from.
  
  --
  I am Slashdot. Are you Slashdot as well?
4. Re:What an ass by ArcherB · 2012-02-29 05:55 · Score: 4, Insightful
  
  If I understand correctly this in effect would be giving that user root priviledges. I think his complaint was that an ordinary task like adding a printer required that level of priviledge, not that it was inconvinient to do. It sounded like he wanted to administer his childs laptop without giving them free reign over it.
  He was also a bit pissed that you need the root password to connect to a new wifi hot spot. Could imagine the network admin's nightmare of having to give the root password to a salesman trying to give a presentation on the road?
  I had the same problem with my Fedora 16 (XFCE Spin) box needed the root password to eject a CD. It really sucked that my file manager couldn't do it unless I ran it as root. I don't even know what the file manager's name to run as root and I shouldn't have to. Of course it was no big deal for me to type in "sudo eject cdrom", but I wouldn't expect the average user to know that. Besides, I shouldn't have to add standard users to the sudoers group just so they can swap a friggin CD out!
  
  --
  There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
5. Re:What an ass by John+Hasler · 2012-02-29 06:02 · Score: 5, Informative
  
  If I understand correctly this in effect would be giving that user root priviledges.
  
  You don't. The whole point of sudo is that it gives you fine-grained control over the privileges of each user.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
6. Re:What an ass by chuckinator · 2012-02-29 07:50 · Score: 5, Informative
  
  Go in to the linux box you supposedly own and type 'man 5 sudoers'. You can specify which programs a user can run as root with fine grained controls that only allow specific users or specific groups to run only specific programs. It is not an all or nothing tool even if a majority of lazy sysadmins use it that way. If it didn't have that level control, there would be no point in using it over /bin/su.
My hypothesis... by brennanw · 2012-02-29 05:45 · Score: 5, Funny

Linus Torvalds is the Harlan Ellison of Linux.

--
Eviscerati.Org: All Hail the Eviscerati
Re:if Torvalds kid is smart enough to use by inode_buddha · 2012-02-29 07:17 · Score: 4, Insightful

Yeah he can be a control freak, but in a way I can't blame him. Can you just imagine how many black hats would like to get into Torvalds home LAN? Consider also that the man is pulling over 250 thousand $$$ per year wouldn't somebody like to sniff his network?

--
C|N>K