On 11/18/2009 01:41 PM, Konstantin Ryabitsev wrote:
> 2009/11/18 Simo Sorce <ssorce@xxxxxxxxxx>:
>> On Wed, 2009-11-18 at 13:19 -0500, Konstantin Ryabitsev wrote:
>>> This significantly limits the number of users with powers to install
>>> signed software -- almost to the point of where it sounds like a fair
>>> trade-off. If someone has physical access to the machine, then heck --
>>> it's not like they don't already effectively "own" it.
>>
>> Most of my users wouldn't be able to "own" it even if I let a root shell
>> open, but they would definitely be able to install or remove packages
>> using the GUI.
>> The difference is huge.
>
> If I have physical access to your machine, I'll own it. I may have to
> use tools to get to the HDD, but it's only a question of time and
> dedication.
>
> Now, there can be situations where someone has access to the TTY
> console or GDM (usually when it's a VM guest or a machine behind a
> network KVM), but most often, if someone can log in on the console,
> they are sitting in front of the physical box, to which they have full
> access.

Console access is no excuse for a completely lax security policy.
Didn't Microsoft Windows teach us all that?

In the real world(tm), hacking via console access still means there are
a lot of hurdles you must dodge, like making noise while opening the case.

This new policy completely screws multi-user setups where (for example)
kids are given a login to play games -- but I sure don't want them to be
installing packages. Now, pkgs installs for them are trivial.

The physical argument by policy proponents is the real straw man:
F12+PK lowers the security barrier from "difficult" to "a simple mouse
click."
Jeff
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
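The thread argues about the Fedora 12 PackageKit default that let any active console user install signed packages with a mouse click, as Jeff describes with the kids-with-a-login setup. What an administrator running such a multi-user box wants is a way to put the admin-password prompt back without waiting for a distribution update. The fragment below is an added example, not part of any message in the thread and not Fedora's or PackageKit's own shipped configuration; it assumes the polkit "local authority" override mechanism of that era (a .pkla file under /etc/polkit-1/localauthority/50-local.d/) and the PackageKit action id org.freedesktop.packagekit.package.install, which is the action governing package installs. The weak default being overridden is the action's allow_active value of "yes" in the vendor .policy file.

```ini
; File (assumed path): /etc/polkit-1/localauthority/50-local.d/10-packagekit-install.pkla
;
; Vendor default being overridden (from the PackageKit .policy file, for
; action org.freedesktop.packagekit.package.install):
;     <allow_active>yes</allow_active>
; i.e. any active local session may install signed packages with no
; authentication at all.
;
; This local-authority override applies to every user (unix-user:*) and
; forces administrator authentication whether the session is active
; (sitting at the console), inactive (switched-away seat), or neither
; (remote/SSH or no session at all).

[Require admin auth to install packages]
Identity=unix-user:*
Action=org.freedesktop.packagekit.package.install
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=auth_admin
```

Local-authority overrides are read from the 50-local.d directory in lexical order, so a file name starting with a number keeps it predictable when other overrides are added later. After dropping the file in, an unprivileged console user attempting an install through the GUI should be prompted for an administrator's password instead of proceeding silently; if not, check that the action id matches the one listed in /usr/share/polkit-1/actions/ on the installed PackageKit version, since the assumed id is the only part of this example that ties it to a specific release.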