F21 System Wide Change: Workstation: Disable firewall

Miloslav Trmač mitr at volny.cz
Tue Apr 22 17:01:03 UTC 2014


2014-04-20 23:20 GMT+02:00 Lars Seipel <lars.seipel at gmail.com>:

> On Thu, Apr 17, 2014 at 11:44:58PM +0200, Miloslav Trmač wrote:
> > We don't, actually.  *Only* applications running in a session of a member
> > of the wheel group would have that right, and those applications are
> pretty
> > much root-equivalent anyway.  (Many GNOME users probably use such a
> setup,
> > but it's not at all the only one possible.)
>
> Ugh. This is implemented in PolicyKit? Where was this change
> discussed/announced and when did it happen? Reinterpreting wheel group
> membership to give user accounts mighty powers without requiring
> re-authentication is a pretty major change and probably unexpected for
> most users.
>

I'm sorry, I was imprecise; it typically does require re-authentication
with users' own password, but in X11 that password is available to any
malicious program running in the session (e.g. by painting a fake screen
lock), so I tend to discount it.
    Mirek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140422/f22e6d6f/attachment-0001.html>


More information about the devel mailing list