On Tue, 2009-02-24 at 08:18 -0600, Chris Adams wrote:
> Once upon a time, Chris Adams <cmadams(a)hiwaay.net> said:
> > What mechanism is there to keep track of these policies? There should
> > be a Fedora policy to control RPMs adding new policies to PolicyKit. As
> > a system admin, I look for setuid/setgid binaries and open sockets, but
> > now there's a new method to bypass that for root-level access.
> As a follow-up, I see on F10 that a user can also increase their process
> priority level (which is normally a privilege reserved for root). This
> is often useful in timing attacks and should not be allowed.
> If I'm reading the policy right, users can change PackageKit proxy
> settings and force a refresh of metadata. How much has PackageKit's
> (and yum's) code been audited for security? If I can point it at a
> proxy and force it to download data, how secure is it against attack
> (e.g. via corrupted data)?
Can we please try to stay realistic here.
We are talking about default settings for a desktop system, where users
are expected to be able to update their systems.
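The quoted question of how an administrator keeps track of which PolicyKit actions are granted without a password can be answered in part by auditing the installed .policy files. The script below is an added example, not code from the thread or from PolicyKit itself; the sample policy document and its action ids are constructed, and the actions directory path is an assumption.

```python
# Added example (not from the thread): list PolicyKit actions whose
# <defaults> grant them with exactly "yes", i.e. no authentication prompt.
import glob
import xml.etree.ElementTree as ET

# Constructed .policy document (DOCTYPE omitted); the action ids are invented.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.pkgmgr.proxy-configure">
    <defaults><allow_any>no</allow_any><allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active></defaults>
  </action>
  <action id="org.example.pkgmgr.install-untrusted">
    <defaults><allow_any>no</allow_any><allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active></defaults>
  </action>
  <action id="org.example.pkgmgr.sources-refresh">
    <defaults><allow_any>yes</allow_any></defaults>
  </action>
</policyconfig>
"""

# The three session scopes a PolicyKit action default can address.
SCOPES = ("allow_any", "allow_inactive", "allow_active")

def unauthenticated_actions(policy_xml):
    """Map action id -> scopes whose default is exactly "yes" (no password).
    A missing scope element is treated as "no"."""
    found = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        open_scopes = []
        for scope in SCOPES:
            node = action.find("defaults/" + scope)
            if node is not None and (node.text or "").strip() == "yes":
                open_scopes.append(scope)
        if open_scopes:
            found[action.get("id")] = open_scopes
    return found

def audit_directory(path):
    """Run the check over every *.policy file in path; {} if none exist."""
    report = {}
    for name in sorted(glob.glob(path + "/*.policy")):
        with open(name, encoding="utf-8") as fh:
            report.update(unauthenticated_actions(fh.read()))
    return report

if __name__ == "__main__":
    # On a real system pass e.g. "/usr/share/polkit-1/actions" (assumed path).
    for aid, scopes in unauthenticated_actions(SAMPLE_POLICY).items():
        print(f"{aid}: no authentication for {', '.join(scopes)}")
```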