Security policy oversight needed?
Gregory Maxwell
gmaxwell at gmail.com
Thu Nov 19 17:33:34 UTC 2009
On Thu, Nov 19, 2009 at 11:42 AM, Jesse Keating <jkeating at redhat.com> wrote:
> We have a server spin, and it's boot.iso/netinst.iso. And no, I am not
> joking. Servers are installed by starting with the smallest possible
> package set to get the system booted and on the network, then adding the
> specific functionality you want the server to perform, such as http
> server, or mail server. Nothing more. It is the very essence of start
> from nothing, add what you want.

...add what you want, and have PolicyKit pulled in as a dependency.

When this discussion came up I tried doing a yum erase PolicyKit on
one of my systems and had it offer to remove some 372 packages,
including xorg-x11-drivers.

I don't mind at all that I have to type my administrator password in
to do root privileged things on my desktop or laptop. I don't want the
normal security model to be circumvented in odd ways.

And if I really wanted a batteries-not-included server I'd install Gentoo.