Local users get to play root?

Jeff Garzik jgarzik at pobox.com
Thu Nov 19 21:22:45 UTC 2009 

On 11/19/2009 03:59 PM, Peter Jones wrote:
> On 11/19/2009 03:37 PM, Jeff Garzik wrote:
>> On 11/19/2009 12:16 PM, Simon Andrews wrote:
>>> Bill Nottingham wrote:
>>>> Jeff Garzik (jgarzik at pobox.com) said:
>>>>> This sounds like a tacit admission that the default install for
>>>>> servers is bloody stupid (== same as desktop), unless the admin
>>>>> REMOVES packages we helpfully installed on the server system.
>>>>
>>>> PackageKit has only ever been included in destkop package groups.
>>>> While these groups are enabled by default, they are with the caveat of:
>>>>
>>>> "The default installation of Fedora includes a set of software
>>>> applicable for general internet usage."
>>>
>>> I've just been and checked on our servers, which were installed with
>>> minimal packages and never used for desktop activities and found two of
>>> them with PackageKit installed.
>>>
>>> Looking at the dependencies there is nothing on those machines which
>>> currently requires PackageKit so it could be cleanly removed, but
>>> something has pulled this in as a dependency in the past.
>>>
>>> Both of these machines have been through sequential upgrades from around
>>> FC3.
>>>
>>> Changing the behaviour of PackageKit would certainly affect me and I've
>>> never explicity installed it.
>>
>> Indeed.  This issue is giving Fedora a major black eye in security.
>>
>> And this major security issue -- where admins upgrade into insecurity --
>> is just hand-waved away even though it applies to a lot of situations.
>
> Seriously, quit spreading this "it's hand-waved away" FUD.  Elsewhere in
> the thread, notably without your participation, people have started

I'm in the thread; I guess that's another thing you are hand-waving away.


> discussing both guidelines for how polkit policy should work and also
> mentioned that they're going to bring this specific case up at the next
> FESCo meeting and try to deal with it.
>
> So seriously, quit pontificating about how your opinion is the truth,
> the way, and the light, and start reading what others are saying.  It's
> not as you seem to think is is.

These are facts, not opinion:

* F11 with PK would prompt for a password
* F12 with PK does not

* Everyone upgrading to F12, with PK on their system, receives this 
wonderful gift of lessened security.

* The user is not warned of this change, either via upgrade tool or 
[gold] release notes.

* Judging by the reaction here and elsewhere, this change was NOT 
expected by the Fedora userbase.


Every second that ticks by, more people upgrade into insecurity, with no 
warning besides a slashdot thread.  This is a secalert issue.

	Jeff

More information about the devel mailing list