Local users get to play root?

[Bojan Smojver]

Rahul Sundaram <sundaram <at> fedoraproject.org> writes:
 
> If you have a problem with this, do explain why. Not suggesting it is
> not a problem but being more descriptive does help.

This opens the door to all kinds of cascaded exploits that would otherwise not
be possible (see: http://lwn.net/Articles/362640/). Then local users really get
to play root, except that they are really remote users that just broke into your
system.

I have no problem with this being a choice an administrator can make, if they
feel brave enough to do it. But having this as a default behaviour is just wrong.

--
Bojan