PackageKit policy: background and plans

Robert Marcano robert at marcanoonline.com
Fri Nov 20 16:20:43 UTC 2009


On 11/20/2009 10:04 AM, Matthew Garrett wrote:
> I know basically nobody who, on a generally single user system,
> explicitly switches to a console to log in as root and perform package
> installs there. If you're not doing that then the issue is basically
> moot - a user-level compromise will become a root-level compromise the
> next time you run anything as root.

I do that on critical workstations because a long time ago an old
(fixed) bug killed my X session when updating and messed up my system, so I
do not trust too much updating base X components using a GUI. On my
personal systems, yes, I use the GUI method.

>
>>   - The local session has a new means to execute in a high privilege
>>     context, i.e. that which is required to install the system itself.
>>     This is a problem alone -- everything which runs in this context is
>>     now a prime attack target.
>
> I don't think I'd agree with that. The common case for F10 and F11 will
> be for people to have installed a package once with the root password
> and then ticked the "Remember authentication" box. At that point, we
> have the same security exposure as we do with F12 (again, concentrating
> on the single-user machine case).
>
> I definitely agree that there's a whole range of cases where this isn't
> the behaviour you want. But for the vast majority of our users, I don't
> think there's a real security issue here.
>



