Re: Local users get to play root?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/18/2009 01:14 PM, Rahul Sundaram wrote:
> On 11/18/2009 11:44 PM, Bruno Wolff III wrote:
>>
>> Besides other issues listed, the packages being installed may be privileged
>> programs that the admin doesn't want on the system, may start services or
>> schedule runs at specified times by default which might considered a
>> problem by the admin, the extra packages may use up too much disk space
>> and cause problems.
> 
> This assumes the user is different from a admin, which is not true for a
> personal desktop.  This revolves back to what the default target
> audience should be.  PackageKit target audience is defined at
> 
> http://www.packagekit.org/pk-profiles.html
> 
> If it doesn't match what Fedora wants, then it should be tweaked but the
> larger question should be addressed first.
> 
> Rahul
> 

Security-relevant defaults aren't set for the common case. They're set for the tightest case. For the desktop user maybe this works fine. For the server user, we've killed our security guarantee completely. It doesn't matter if you can change it. If the system boots so much as once with the default setup it may /already be too late/. By the admin's first opportunity to change the settings the box could already be rooted.

--CJD

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux