On Fri, Nov 20, 2009 at 04:09:15PM +1100, James Morris wrote:

> Many users limit their use of the root account to essential system
> maintenance, and run general purpose applications as a regular
> unprivileged user.

I know basically nobody who, on a generally single user system, explicitly switches to a console to log in as root and perform package installs there. If you're not doing that then the issue is basically moot - a user-level compromise will become a root-level compromise the next time you run anything as root.

> - The local session has a new means to execute in a high privilege
> context, i.e. that which is required to install the system itself.
> This is a problem alone -- everything which runs in this context is
> now a prime attack target.

I don't think I'd agree with that. The common case for F10 and F11 will be for people to have installed a package once with the root password and then ticked the "Remember authentication" box. At that point, we have the same security exposure as we do with F12 (again, concentrating on the single-user machine case).

I definitely agree that there's a whole range of cases where this isn't the behaviour you want. But for the vast majority of our users, I don't think there's a real security issue here.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx