F21 System Wide Change: Workstation: Disable firewall
mitr at volny.cz
Tue Apr 22 17:01:03 UTC 2014
2014-04-20 23:20 GMT+02:00 Lars Seipel <lars.seipel at gmail.com>:
> On Thu, Apr 17, 2014 at 11:44:58PM +0200, Miloslav Trmač wrote:
> > We don't, actually. *Only* applications running in a session of a member
> > of the wheel group would have that right, and those applications are
> > much root-equivalent anyway. (Many GNOME users probably use such a
> > but it's not at all the only one possible.)
> Ugh. This is implemented in PolicyKit? Where was this change
> discussed/announced and when did it happen? Reinterpreting wheel group
> membership to give user accounts mighty powers without requiring
> re-authentication is a pretty major change and probably unexpected for
> most users.
I'm sorry, I was imprecise; it typically does require re-authentication
with users' own password, but in X11 that password is available to any
malicious program running in the session (e.g. by painting a fake screen
lock), so I tend to discount it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel