Re: Fedora 22 update security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Is it alright for any normal user to update the kernel. In my experience
I have seen quite a lot of difference between kernel versions. When a
standard user updates already installed signed by Fedora software, it
could lead to some issues which system admin might not be able to fix.
For example, the downgrade option is available for one version below the
currently installed version. This is not recursive, I mean, I cannot go
from version 3 to version 1. I will be stuck with version 2. As a system
admin it is not ideal in a real world.

Differences between kernels and even versions of software, I have seen
and experiencing issues.

This is evolution email client, which I am currently editing to report
to the forum.

The other key thing is the update of the NVIDIA graphics driver. I still
have not managed to install NVIDIA graphics driver on my Fedora 22 even
with the latest kernel.

Nethaji


On Wed, 2015-05-13 at 09:47 -0400, Christian Schaller wrote:
> So I checked with Richard Hughes and the way the rules currently works is
> that there is a difference between install and update. If you want to install
> a new piece of software you need to be part of the wheel group, but any 
> user can update already installed software as long as it is signed Fedora software.
> (Well technically they are not even doing that since updates are done offline these
> days).
> 
> Christian
> 
> 
> 
> ----- Original Message -----
> > From: "Matthew Miller" <mattdm@xxxxxxxxxxxxxxxxx>
> > To: "Discussions about development for the Fedora desktop" <desktop@xxxxxxxxxxxxxxxxxxxxxxx>
> > Sent: Wednesday, May 13, 2015 9:07:28 AM
> > Subject: Re: Fedora 22 update security
> > 
> > On Wed, May 13, 2015 at 07:49:34AM -0500, Michael Catanzaro wrote:
> > > Actually, sorry, Matthew and I were wrong. We do allow unprivileged
> > > users to run software updates (provided all of the updates are
> > > cryptographically signed by Fedora). You can configure this behavior
> > > manually by creating a file in /etc/polkit-1/rules.d with the following
> > > contents (untested, should work):
> > 
> > Huh. Last time this came up in FESCo, I thought the decision was to
> > keep the policy as it had been (passwordless updates for admin users
> > only).
> > 
> > --
> > Matthew Miller
> > <mattdm@xxxxxxxxxxxxxxxxx>
> > Fedora Project Leader
> > --
> > desktop mailing list
> > desktop@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/desktop


-- 
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop





[Index of Archives]     [Fedora Users]     [Fedora KDE]     [Fedora Announce]     [Fedora Docs]     [Fedora Config]     [PAM]     [Red Hat Development]     [Red Hat 9]     [Gimp]     [Yosemite News]

  Powered by Linux