Fedora 22 update security
Josh Boyer
jwboyer at fedoraproject.org
Wed May 13 14:27:23 UTC 2015
On Wed, May 13, 2015 at 10:00 AM, Bastien Nocera <bnocera at redhat.com> wrote:
>
>
> ----- Original Message -----
>> Actually that should not an issue since we only do offline updates,
>> so there is no chance of one user updating software while
>> another is using it.
>
> And only admin users can reboot the machine while other users are using it...
Even in that scenario I'm don't believe allowing non-admin users to
apply updates is the correct thing to do. I mean, your friend is over
and turns on your laptop and logs into the non-admin account he
created. He sees updates and says to apply them (via offline updates
or not). He reboots the machine since he's the only logged in user.
Now you have a bunch of updates applied that you didn't know about the
next time you log in.
This really seems like a bad idea to me.
josh
More information about the desktop
mailing list