Local users get to play root?
skvidal at fedoraproject.org
Wed Nov 18 21:39:49 UTC 2009
On Wed, 18 Nov 2009, Jeff Garzik wrote:
> On 11/18/2009 01:28 PM, Seth Vidal wrote:
>> I didn't say it did - I said it didn't make sense to have items like PK
>> on servers.
> Listen to yourself.
> The above is a blatant admission that it is REALLY EASY for existing users to
> upgrade themselves into a security nightmare.
> * F11 w/ PK: requires root
> * F12 w/ PK: does not require root
> And you don't see any problem with this?
you're talking to the wrong guy.
I don't maintain PK. I don't work on PK. I don't have anything to do with
it, in fact.
And you should listen to yourself. I'm saying: You want to run secure
servers, then you have to know what's on the system. Not just what pkg,
but what the pkg does.
This is why I said: It doesn't make sense to have programs like packagekit
which are targeted at end users on servers.
More information about the devel