Torvalds:requiring root password for mundane things is moronic
Scott Doty
scott at ponzo.net
Sun Mar 4 23:43:58 UTC 2012
On 03/03/2012 03:32 PM, Scott Doty wrote:
> On 03/02/2012 04:16 AM, Tim Waugh wrote:
>>
>> Yes, it's a policy.
>>
>> Also see this bug which I filed nearly two years ago on just this
>> subject:
>> https://bugzilla.redhat.com/show_bug.cgi?id=596711
>>
>> Tim.
>> */
>>
> They closed it as an upstream bug. Then upstream, there doesn't seem
> to have been an investigation of the bug(?), and it was resolved.
>
> Here is a new bug I filed at freedesktop.org:
>
> https://bugs.freedesktop.org/show_bug.cgi?id=46943
>
Bug was closed "notabug" by freedesktop.org, since (they explain) this
is a policy decision they've made, and not a flaw in the software.
I've reopened the bug with this text appended to this message, and I'd
also like to thank David Zeuthan for speaking up about what is truly a
moronic security policy.
-Scott
This is the second time in two years that this has been brought up, and
ignored. Let's not let it slip through the cracks this time, but make sure we
get this straightened out.
Can you please put me in touch with whomever is in charge of setting this
policy? I would like to exchange correspondence with the group or committee.
Or if you prefer, please point them at this bug, which I've reopened.
It should be noted that in virtually all cases, the user can contact network
printers on their own. It is actually less secure to ask for the root password
for this case, because it isn't needed whatsoever to accomplish the task at
hand. Thus, asking for the password does nothing but expose the plaintext root
password to the system, which is an opportunity to intercept the root password
Thank you for your time, especially on a weekend. :)
-Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20120304/c681d927/attachment.html>
More information about the devel
mailing list