Re: Local users get to play root?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 2009-11-18 21:27, schrieb Seth Vidal:


2009/11/18 nodata <lsof@xxxxxxxxxxxx>:
Am 2009-11-18 20:20, schrieb Richard Hughes:

2009/11/18 Casey Dahlin<cdahlin@xxxxxxxxxx>:

By the admin's first opportunity to change the settings the box could
already be rooted.

I'm not sure how you can root a computer from installing signed
content by a user that already has physical access to the machine.

You install software with a known buffer overflow before it is fixed and
exploit it. More software = more chances to exploit. Bingo!

If a user logged in from a physical local console wanted to exploit
their machine, this would be the hard way to do it.


So here is what I've just gotten from talking to Ray Strode and reading
docs.

if you want to disable this just run:

pklalockdown --lockdown org.freedesktop.packagekit.package-install

that will keep anyone from installing pkgs w/o authenticating as admin.


That's the short version.

the long version I'm working on writing up right now.

-sv

Thanks for this. Does this need to be run as root? :)

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux