Re: Local users get to play root?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Wed, 18 Nov 2009, James Antill wrote:


1. Does "install" of obsoleting packages come under the same auth. (if
so I can now arbitrarily upgrade certain packages).

2. Does "install" of installonly come under the same auth. (if so I can
now stop kernel upgrades).

+1

4. Are there any attacks against packages with "default on" services?
(Note that you can almost certainly wait until there is an attack, and
then install the insecure service).

And if we have default on services then I think we should take a good LOOOOOOOOOONG look at them.

7. And the most obvious one ... how hard is it to get a bad package into
one of the repos. that the machine has enabled.

+many

-sv

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux