PackageKit policy: background and plans
Krzysztof Halasa
khc at pm.waw.pl
Mon Nov 23 14:37:26 UTC 2009
Kevin Kofler <kevin.kofler at chello.at> writes:
>> I never tick those boxes. I'd like to know how to get rid of them
>> entirely.
>
> Upgrade to F12 (with the latest PackageKit update), there's no such checkbox
> in F12's PolicyKit.

This is good.

Also we should remember that a user entering the root password in the user's
session makes the user account practically equivalent to root (it can be
seen as a protection against incidental damage, but not against a real
attack). The only secure way has to use a fully trusted path from the
person to the root process - e.g. logging in as root (or root-equivalent)
initially, with a physically secured console (some sysrq-k or
ctrl-alt-del combo which cannot be remapped or blocked by non-root etc).

E.g. using su or in most cases sudo etc. makes the non-root account
equivalent to root. This can be, of course, deemed secure as long as we
accept and understand this equivalency.
--
Krzysztof Halasa