Local users get to play root?

Chris Adams cmadams at hiwaay.net
Wed Nov 18 18:48:46 UTC 2009


Once upon a time, Rahul Sundaram <sundaram at fedoraproject.org> said:
> .. if the packages are signed and from a signed repository. So, you left
> out the important part. Explain why this is a problem in a bit more
> detail.

Fedora has made a big push into the multi-user desktop (which many home
computers are now) with things like fast user switching.  In many such
setups, not all users are considered "administrators" of the system
(think parents and kids for example).  However, Fedora continues to slip
in (with no announcement and no documentation on how to change) things
that allow the console user to be an administrator without any
additional authentication.

The answer here has been "well root should lock it down".  With the
ever-increasing complexity of the system, it is becoming more difficult
than ever to find (or even know about) all of the ways a system must be
locked down.  "find / -perm +6000" doesn't cut it anymore, but there's
no documentation of all the ways a regular user can do administrative
tasks without an administrative password.

It seems the latest way of doing this is via PolicyKit.  IMHO all
PolicyKit configuration should be "secure by default", and then desktop
spins can include overrides in /etc to loosen-up security where desired.
This would also make it much easier to find and clearer to see what
might should be changed for local policy.

Right now, I see files /usr/share/PolicyKit/policy; I guess that's where
this kind of thing comes from.  How do I override the settings in one of
these files?  None of them are marked "config", so I guess I don't edit
them.  Are there other places such policy can be set?

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
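
An added example, not part of the original message and not Fedora's or PolicyKit's own tooling: one way to audit the policy directory mentioned above for actions whose shipped defaults need no administrator password. It assumes the files use the PolicyKit `<action>`/`<defaults>` XML layout with `allow_any`, `allow_inactive` and `allow_active` elements; the sample document and its action ids are constructed, and only shipped defaults are read, not local overrides.

```python
import glob
import os
import sys
import xml.etree.ElementTree as ET

# Directory named in the message; pass another path as argv[1] if yours differs.
POLICY_DIR = "/usr/share/PolicyKit/policy"
# Results needing no administrator password (prefix match also catches
# variants such as auth_self_keep_session).
NO_ADMIN_AUTH = ("yes", "auth_self")

# Constructed sample policy file; the action ids are hypothetical.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
  <action id="org.example.pkg.install">
    <defaults><allow_inactive>no</allow_inactive><allow_active>yes</allow_active></defaults>
  </action>
  <action id="org.example.disk.format">
    <defaults><allow_inactive>no</allow_inactive><allow_active>auth_admin</allow_active></defaults>
  </action>
  <action id="org.example.clock.set">
    <defaults><allow_any>no</allow_any><allow_active>auth_self_keep_session</allow_active></defaults>
  </action>
</policyconfig>
"""

def audit_policy(xml_bytes, source="<sample>"):
    """List (source, action id, session class, result) for every default that
    grants an action without an administrator password."""
    findings = []
    for action in ET.fromstring(xml_bytes).iter("action"):
        for rule in action.findall("defaults/*"):
            result = (rule.text or "").strip()
            if rule.tag.startswith("allow_") and result.startswith(NO_ADMIN_AUTH):
                findings.append((source, action.get("id"), rule.tag, result))
    return findings

def audit_dir(policy_dir):
    """Audit every *.policy file in policy_dir, skipping unreadable ones."""
    findings = []
    for path in sorted(glob.glob(os.path.join(policy_dir, "*.policy"))):
        try:
            with open(path, "rb") as fh:
                findings += audit_policy(fh.read(), path)
        except (OSError, ET.ParseError) as exc:
            print("skipped %s: %s" % (path, exc), file=sys.stderr)
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else POLICY_DIR
    rows = audit_dir(target) if os.path.isdir(target) else audit_policy(SAMPLE)
    for row in rows:
        print("%s: %s %s=%s" % row)
```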