Fedora 22 update security

Jiri Eischmann eischmann at redhat.com
Wed May 13 15:49:03 UTC 2015


Josh Boyer wrote on Wed, 13 May 2015 at 10:27 -0400:
> On Wed, May 13, 2015 at 10:00 AM, Bastien Nocera <bnocera at redhat.com
> > wrote:
> > 
> > 
> > ----- Original Message -----
> > > Actually that should not be an issue since we only do offline
> > > updates, so there is no chance of one user updating software while
> > > another is using it.
> > 
> > And only admin users can reboot the machine while other users are 
> > using it...
> 
> Even in that scenario I don't believe allowing non-admin users to
> apply updates is the correct thing to do.  I mean, your friend is over
> and turns on your laptop and logs into the non-admin account he
> created.  He sees updates and says to apply them (via offline updates
> or not).  He reboots the machine since he's the only logged in user.
> Now you have a bunch of updates applied that you didn't know about the
> next time you log in.
> 
> This really seems like a bad idea to me.

I don't like this behavior either. My mom uses Fedora, but I don't let
her perform updates herself because our updates are not bullet-proof
and I don't want her to end up with a broken system. I always do it
myself and check if everything works afterwards when I visit her.

On one hand, we don't have any GUI for upgrades, arguing that we don't
have a reliable mechanism for it to expose upgrades to users, and on
the other hand we allow anyone to perform updates, which are also not
100% reliable.

I can imagine that sysadmins of classroom deployments may be
unpleasantly surprised by this as well. They are supposed to look at
update settings in more detail, but I don't think one expects that
the system behaves this way by default.

Jiri

