Drawing lessons from fatal SELinux bug #1054350

Reindl Harald h.reindl at thelounge.net
Fri Jan 24 13:40:30 UTC 2014


Am 24.01.2014 13:56, schrieb Kevin Kofler:
> Alternatively, the kernel could be patched to give "admin users" (either 
> defined as members of the "wheel" group as now, or by some additional 
> property that would be set for the same users by default) some strategic 
> capabilities such as dac_override. That would also put an end to the endless 
> annoyance of having to sudo all the time. (And by the way, sudo and 
> PolicyKit actions should be allowed with no password (rather than the user 
> password as now) for wheel group members by default.) That way, you still 
> get the benefits from different accounts, e.g., different preferences per 
> family member, without the current restrictions imposed to "normal" users.
> 
> The endless password prompts make a lot of sense in controlled corporate 
> environments with dedicated system administrators, but on home machines, 
> they are just an unnecessary annoyance

no, they are not, they have the same reason as firefox asks
for the master-password before display stored passwords even
after you already entered it to login somewhere

they prevent that if you are not alone that while you go to
the toilet and forget to lock your screen unauthorized people
not doing things nobody wants on the machine

what you propose is the Apple way - not on a linux system please


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140124/dc2ca123/attachment.sig>


More information about the devel mailing list