Torvalds:requiring root password for mundane things is moronic

Scott Doty scott at ponzo.net
Mon Mar 5 15:13:12 UTC 2012


On 03/02/2012 04:16 AM, Tim Waugh wrote:
> Yes, it's a policy.
>
> Also see this bug which I filed nearly two years ago on just this
> subject:
>    https://bugzilla.redhat.com/show_bug.cgi?id=596711
>
> Tim.
> */
>

New bug report filed:  "security policy: root password needed when it 
shouldn't be".

    https://bugzilla.redhat.com/show_bug.cgi?id=799988

There are security implications to exposing the plaintext root password 
(or any password) to intercept and compromise, when they aren't needed 
for the user to contact networked printers in the first place.

(For an easy example: the user could use nc(1) to print to an HP 
jetdirect printer.)

I think what we have here is a zealous attention to security.  That's 
not a bad thing per se, but can lead to insecure policies that have the 
added disadvantage of being highly annoying to people who use Fedora.

OT, but related:  All my own desktops, save a mac mini, have been Fedora 
since FC1, and were RedHat before that since "time immemorium".  How 
about you? :)

  -Scott



More information about the devel mailing list