> > Because the syslog interface isn't secure. > > How come? Only root can read the logfile. The logging interface is not secure, it provides a generic path for anyone to log stuff. > Well I can't predict the future. What does mcelog actually do to > prevent hardware problems or to make the system respond to them properly > --- whatever "properly" means? It decoders the CPU state dumped by the exception from the kernel in a human understandable form. > >> Regular users must not change the system time. It's on UTC and kept on > >> track with chrony. > > > > Well, exactly. That's why you would need extra authentication to change it. > > Users are not supposed to change it at all, not even with extra > authentication. A user with extra authentication to be gain root is no different to su > > It wouldn't. In a GUI, polkit has a distinctive, separate dialog box it uses > > to ask for authentication. It's absolutely true that spoofing this sort of > > dialog is a concern. > > So yes, it decreases security instead of increasing it. No different. I can equally spoof you a shell window. > What difference does it make which password is supplied when with the > password things can be done that are relevant for security? Why should > I give my password again when I'm already logged in and the system knows > who I am? Configure the policy how you like. > And what if the user in the wheel group wants to use emacs to edit some > configuration file that can only be modified by root? They can use su if they want to use emacs for it. Alan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
