Torvalds:requiring root password for mundane things is moronic
Scott Doty
scott at ponzo.net
Mon Mar 5 15:13:12 UTC 2012
On 03/02/2012 04:16 AM, Tim Waugh wrote:
> Yes, it's a policy.
>
> Also see this bug which I filed nearly two years ago on just this
> subject:
> https://bugzilla.redhat.com/show_bug.cgi?id=596711
>
> Tim.
> */
>
New bug report filed: "security policy: root password needed when it
shouldn't be".
https://bugzilla.redhat.com/show_bug.cgi?id=799988
There are security implications to exposing the plaintext root password
(or any password) to intercept and compromise, when they aren't needed
for the user to contact networked printers in the first place.
(For an easy example: the user could use nc(1) to print to an HP
jetdirect printer.)
I think what we have here is a zealous attention to security. That's
not a bad thing per se, but can lead to insecure policies that have the
added disadvantage of being highly annoying to people who use Fedora.
OT, but related: All my own desktops, save a mac mini, have been Fedora
since FC1, and were RedHat before that since "time immemorium". How
about you? :)
-Scott
More information about the devel
mailing list