"Fedora users are revolting against a change introduced in the latest version of the operating system that allows the installation of thousands of software titles without an administrative password.
Critics say the move diminishes the security of machines running the open-source OS by giving unprivileged users what amounts to administrative control. That could allow lower-level employees to install software that's not been approved by administrators, or worse, to gain root access by installing an application with a known security vulnerability and then intentionally exploiting it."
http://www.theregister.co.uk/2009/11/19/fedora_12_root_imbroglio/
On Fri, Nov 20, 2009 at 07:24:44AM +0530, susmit shannigrahi wrote:
"Fedora users are revolting against a change introduced in the latest version of the operating system that allows the installation of thousands of software titles without an administrative password.
Critics say the move diminishes the security of machines running the open-source OS by giving unprivileged users what amounts to administrative control. That could allow lower-level employees to install software that's not been approved by administrators, or worse, to gain root access by installing an application with a known security vulnerability and then intentionally exploiting it."
http://www.theregister.co.uk/2009/11/19/fedora_12_root_imbroglio/
There's already an update in progress:
https://www.redhat.com/archives/fedora-announce-list/2009-November/msg00012....
On Thu, 2009-11-19 at 23:43 -0500, Paul W. Frields wrote:
On Fri, Nov 20, 2009 at 07:24:44AM +0530, susmit shannigrahi wrote:
"Fedora users are revolting against a change introduced in the latest version of the operating system that allows the installation of thousands of software titles without an administrative password.
Critics say the move diminishes the security of machines running the open-source OS by giving unprivileged users what amounts to administrative control. That could allow lower-level employees to install software that's not been approved by administrators, or worse, to gain root access by installing an application with a known security vulnerability and then intentionally exploiting it."
http://www.theregister.co.uk/2009/11/19/fedora_12_root_imbroglio/
There's already an update in progress:
https://www.redhat.com/archives/fedora-announce-list/2009-November/msg00012....
<snip>
hey,
I think the update in progress needs to be ..uhm.. "propagated" more. Not a lot of folks (I also mean users who only heard of the drama via dents etc and nothing more) are aware of it.
My bit:
http://dodoincfedora.wordpress.com/2009/11/20/fedora-packagekit-change/
regards, Ankur
http://www.theregister.co.uk/2009/11/19/fedora_12_root_imbroglio/
The site has posted this update at the top of the article.
"Updated: This story was updated about 11 hours after it was published to reflect that Fedora developers have reversed course. Operating system users once again will be required to enter a root password before installing software packages."