Fedora 22 update security
Michael Catanzaro
mcatanzaro at gnome.org
Wed May 13 18:14:03 UTC 2015
On Wed, 2015-05-13 at 12:22 -0400, Christian Schaller wrote:
> Yeah, no problem with that. This issue with who can do updates, while
> something
> we should fix, isn't release blocking IMHO.
This is at best a F23-timespan issue.
Although I'm not opposed to prohibiting unprivileged users from
applying updates, we have a technical problem in polkit: we don't want
to force admin users to enter a password to apply updates, but horrible
workarounds (which we use in gnome-control-center and maybe now ABRT)
are required to allow admins but not standard users to bypass
authentication. Also, the polkit maintainer (Miloslav) doesn't want to
change this: he likes password prompts to protect against the chance
somebody gains physical access to your computer while you're logged in.
I think we need to fix polkit before we start adding more
authentication prompts. We basically want a rule auth_if_nonadmin.
For details, see https://lists.fedorahosted.org/pipermail/crash
-catcher/2015-April/005597.html
More information about the desktop
mailing list