Re: Local users get to play root?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Wed, 18 Nov 2009, Jeff Garzik wrote:

On 11/18/2009 01:23 PM, Seth Vidal wrote:


On Wed, 18 Nov 2009, nodata wrote:

Am 2009-11-18 19:18, schrieb Colin Walters:

This is a major change. I vote for secure by default.

If the admin wishes this "surprise-root" feature to be enabled he can
enable it.

I'm not sure how this is 'surprise root'. IT will only allow installs of
pkgs signed with a key you trust from a repo you've setup.

which pretty much means: if the admin trusts the repo, then it is okay.

if the admin doesn't trust the repo it should NOT be on the box and
enabled b/c an untrusted repo can nuke your entire world.


By your own adminssion, we are talking about DESKTOP USERS.

How little social engineering + virus automation does it take to get such an install to include a malicious 3rd party repo?

Not much.

Jeff, I think you're misunderstanding, a lot, here. I'm not in favor of user-can-install-pkgs. I'm just explaining why I don't think pk should be on servers.

-sv

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux