Summary/Minutes from today's FESCo Meeting (2013-05-22)

Stephen Gallagher sgallagh at redhat.com
Wed May 22 20:24:42 UTC 2013


On 05/22/2013 03:30 PM, Kevin Fenzi wrote:
> * #1115 guidance from FESCO on packagekit upstream policykit change (nirik, 18:35:22)
>   * LINK: https://fedorahosted.org/fesco/ticket/1115 (nirik, 18:35:22)
>   * AGREED: local, active, admin user can update/remove/etc. signed
>     software w/o password. apps using this should not operate without
>     confirmation from the user. (nirik, 19:13:37)
> 

FYI, I'd like to try to summarize some of the mitigating factors here
before sensational journalists get their hands on it.

This is *not* the same behavior as what we reverted in Fedora 12. Only
users that have been designated as "Administrators" (in Fedora, this
means membership in the 'wheel' group) will have the ability to
install *signed* packages without reauthenticating themselves
if-and-only-if they are the active user at the physical machine. We
determined that the added risk here is minimal (if someone has come up
to your unlocked system, they are most likely capable of doing far
greater harm).

To itemize what this policy change does *not* do:
 * It does *not* allow administrative users to install software over
an SSH connection without re-authenticating.
 * It does *not* allow non-administrative users to install software
without authenticating with administrative credentials.
 * It does *not* allow administrative users to have software installed
without presenting them with a confirmation dialog.
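
As an added illustration (not part of the original message, and not the rule file that Fedora or PackageKit ships), the conditions described above can be written as a polkit JavaScript rule and checked against the cases the message itemizes. The `polkit` shim, `makeSubject`, `decide` and the `auth_admin` fallback are assumptions made so the rule runs outside polkitd.

```javascript
// Illustration only. The shim stands in for the `polkit` global that polkitd
// gives to rules.d files, so the rule can be exercised under Node.js.
var rules = [];
var polkit = {
  Result: { YES: "yes" },
  addRule: function (fn) { rules.push(fn); }
};

// Actions on signed packages. "package-install-untrusted" (unsigned packages)
// is deliberately absent, so it never gets the password-free path.
var SIGNED_ACTIONS = [
  "org.freedesktop.packagekit.package-install",
  "org.freedesktop.packagekit.package-remove",
  "org.freedesktop.packagekit.system-update"
];

// The rule itself: password-free only for a wheel member who is the active
// user on a local seat. Returning nothing leaves the decision to the defaults.
polkit.addRule(function (action, subject) {
  if (SIGNED_ACTIONS.indexOf(action.id) !== -1 &&
      subject.local && subject.active && subject.isInGroup("wheel")) {
    return polkit.Result.YES;
  }
});

// Constructed test subject with the attributes the rule reads.
function makeSubject(groups, local, active) {
  return {
    local: local,
    active: active,
    isInGroup: function (g) { return groups.indexOf(g) !== -1; }
  };
}

// Mimics polkitd's evaluation: the first rule that returns a result wins.
// "auth_admin" is an assumed default standing in for the action's own policy.
function decide(actionId, subject) {
  for (var i = 0; i < rules.length; i++) {
    var result = rules[i]({ id: actionId }, subject);
    if (result) { return result; }
  }
  return "auth_admin";
}
```

The confirmation dialog mentioned in the minutes is the calling application's responsibility and is not modelled by the rule.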