Torvalds:requiring root password for mundane things is moronic

Scott Doty scott at ponzo.net
Sat Mar 3 23:03:38 UTC 2012


On 03/03/2012 02:19 PM, Miloslav Trma─Ź wrote:
> On Sat, Mar 3, 2012 at 11:10 PM, Chris Murphy<lists at colorremedies.com>  wrote:
>> On Mar 3, 2012, at 1:00 PM, Neal Becker wrote:
>>> ->  Don't ask for re-auth for an action that isn't really potentially harmful
>>> (e.g., adding a printer)
>> Depends. What if what's being added is a remote printer, that's merely a way to smuggle documents out of a company? So direct attach printers are probably fair game for adding without authentication. The user clearly has physical access to both computer and printer, the most applicable security control in this context is physical. But to add a non-local IPP printer is possibly a red flag.
> Curiously enough, I was thinking exactly the opposite - anyone able to
> open a TCP/IP socket is able to print on a remote printer, so this
> does not need to be restricted; but accessing local hardware may be
> something a system administrator of a multi-user system may want to
> restrict.  (You may have noticed that at least in some Windows
> versions, network printers can be configured per-user, but
> hardware-attached printers are always system-wide.)
>
> A complete lockdown to prevent transferring data out of the system is
> a much harder problem (even if you only allow users to run a web
> browser, they may use it to send data to a server).
>     Mirek

How about allowing all printer management of local printers (including 
adding a network printer, as Linus & his daughter were dealing with) 
with two factors:

1) user password
2) physical access

...because PolKit already knows when the user is sitting at the console, 
right?

  -Scott



More information about the devel mailing list