why even post this?
Authored by: signal15 on Dec 06, '02 03:17:37PM

Why would you even bother posting this hint? Users sacrifice security for convenience all the time, and some things, like this particular hint, take it too far. The nice thing about OSX and other Unixes is their security model, where a regular user does *not* have full access to the system without manually sudo'ing or su'ing to root and typing a password. By making a user have full access, you've basically turned the system into a Windows 98 machine with virtually no local security policies at all, leaving worms/trojans/viruses free to do whatever they want to your system, and making it way easier for an attacker to do bad things.

Ask any Unix admin about this hint; if you tell them you've done it, they will likely kick you in the shin.



why even post this?
Authored by: sardu_mac on Jan 17, '03 02:53:41PM

Actually, a lot of 'hardcore UNIX admins' have this enabled for their personal account. As long as you have a good password and don't do silly things like run system daemons as the same UID, use system accounts for Apache authentication and such, there's no harm in this. Don't enable it for other accounts or users who aren't UNIX-savvy, as they may have weak passwords or use services that allow cleartext password transfers.



very unsafe
Authored by: hayne on Mar 04, '05 03:51:52PM
If any of those "hardcore Unix admins" have done this, I hope they only run command-line programs or GUI apps that they themselves have written and so can have complete trust in.

As others have explained (e.g. 'bbum' above), the problem is that any program running under your account can (with this "hint") get full control of the machine. And a sufficiently clever piece of malware can do this without leaving any noticeable trace - so you might never know that your machine has been taken over.

I strongly recommend against implementing this hint.
