Local users get to play root?

Adam Williamson awilliam at redhat.com
Thu Nov 19 04:11:41 UTC 2009


On Wed, 2009-11-18 at 19:34 -0500, Jeff Garzik wrote:

> IFF this feature was listed as a question in firstboot,

This is generally considered to be a bad way of organizing things.
Asking people vague questions about the intended role of the system or
the intended nature of a given user account is a great way to confuse
them into making the wrong choice, especially since it wouldn't be at
all obvious what the actual impact of each choice would be. I don't
think that's the answer here. (frankly I'm a bit dubious about the plan
to introduce a simplistic 'user / administrator' paradigm, but that's a
wider topic).

> and IFF this feature was explained in detail in release notes, then there 
> would have been no problem at all...

It is now :)
http://docs.fedoraproject.org/release-notes/f12/en-US/html/sect-Release_Notes-Security.html (but yes, obviously this should have happened way before release)

> You also omitted the case where admins of servers upgrade into a less 
> secure policy.  PackageKit presence does not imply desktop user.

I'm really not losing any sleep about that vector. If your server allows
untrusted people to have local login access it is a badly configured
server and you probably have more severe problems to worry about. The
impact on _non_-server machines is more significant, to my mind.

-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net



