On 06/01/2015 02:55 PM, Ed Greshko wrote:
On 06/02/15 05:23, Rick Stevens wrote:
Did it at least ask you for the root password? If it didn't and you
could do an update/install as a non-wheel user, then that's a HUGE
security hole and I'd BZ it immediately.
Just checked and the "good" news is that a user must enter the root password to add/erase packages using the graphical tools.
Yes, "good" (emphasis on the quotes) is the proper way to put it.
Updates can break stuff. Any operation that could break a functioning
system should require root authentication. I'd bugzilla that--probably
against polkit.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- Let us think the unthinkable. Let us do the undoable. Let us -
- prepare to grapple with the ineffable itself, and see if we may -
- not eff it up after all. -
- -- Douglas Adams -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
