Jeff Garzik <jgarzik@xxxxxxxxx> writes:

> The only thing that will fix the damage is to update PK, reverting the
> default-insecure policy.

Precisely. I didn't imagine anyone would come up with such an idea. Even MS prompts for admin password, doesn't it? And I was told Fedora isn't more lame when it comes to security than MS.

> May I remind folks that it is easy to UPGRADE INTO INSECURITY here.
> Admins with servers, coming from F10/F11, can very easily fall into
> this trap simply by updating their current systems.

This is not (only) about servers. Desktops have the same problems. E.g. family computer, or a classroom PC. And even on my "personal" station I want the unprivileged IDs to not be able to perform administrative tasks, because access to these "weaker" accounts may not be protected well enough.

And if we say that installing additional packages can't easily compromise system security (because e.g. network services are off by default), then how on Earth can we say at the same time it's ok and "by design" that installing a single non-network service program opens a huge door for attacks?

Just admit this was a bug or maybe backdoor and fix "critical security problem" ASAP.

-- 
Krzysztof Halasa

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list