PackageKit policy: background and plans
Conrad Meyer
cemeyer at u.washington.edu
Fri Nov 20 19:47:53 UTC 2009
On Friday 20 November 2009 05:52:44 am Gregory Maxwell wrote:
> On Fri, Nov 20, 2009 at 12:26 AM, Conrad Meyer <cemeyer at u.washington.edu>
wrote:
> > On the contrary. On the typical single user system, it's just as bad if
> > an attacker can steal / delete / modify the user's files as it is if the
> > attacker can modify / delete system files. Privilege escalation isn't
> > needed to delete everything the single user cares about.
>
> Not quite. For example, it's much easier to fix a system which has only
> had a user account compromised, since if you actually trust that its only
> the user account you can skip the full reinstall.
>
> This is also assuming a strictly single user system. With features like
> fast user switching it wouldn't be inadvisable or especially inconvenient
> to operate business and pleasure activities from separate accounts. I
> don't know anyone that does this today, but as it becomes easier to do so
> and if the systems don't continue to go down the route of giving the local
> accounts root access then it may be a practice which becomes common.
It's easier to fix the system, *if* you trust that only the user account has
been compromised. However, to the user (and remember we're talking about
single-user systems here), their data is much more important than system
files. You can get system files back -- just reinstall. If data is lost /
mangled / stolen, you can't get that data or privacy back.
Yes, we're talking only about single user systems, let's not get off-track
here.
Regards,
--
Conrad Meyer <cemeyer at u.washington.edu>
More information about the devel
mailing list