Torvalds:requiring root password for mundane things is moronic

Adam Williamson awilliam at
Mon Mar 5 22:10:40 UTC 2012

On Sat, 2012-03-03 at 15:10 -0700, Chris Murphy wrote:

> Depends. What if what's being added is a remote printer, that's merely
> a way to smuggle documents out of a company? So direct attach printers
> are probably fair game for adding without authentication. The user
> clearly has physical access to both computer and printer, the most
> applicable security control in this context is physical. But to add a
> non-local IPP printer is possibly a red flag.

I'm not sure it's remotely plausible to make 'strict in/out security on
a corporate network' the aim of our out of the box security policy. I
don't think we would ever achieve such a goal, but we could sure piss
off a lot of people who aren't part of corporate-wide deployments by
doing so, thus falling neatly between two stools. It really seems more
realistic to aim lower - but at some level that's actually achievable -
with our OOTB policy, and leave securing corporate networks to the
sysadmin of the corporation in question. That's their job, after all.

It's very easy to come up with some sort of theoretical scenario in
which almost *any* kind of ability to use the machine in any way
constitutes a 'security issue', but that doesn't really mean we should
ship a product which comes out of the box to a non-networked, single
user login prompt which refuses all passwords in the name of
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | adamwfedora

More information about the devel mailing list