On Fri, 20 Nov 2009, Matthew Garrett wrote:

> I know basically nobody who, on a generally single user system,
> explicitly switches to a console to log in as root and perform package
> installs there.

This is how I started doing things in 1993, although I changed to sudo a
few years back.

> > - The local session has a new means to execute in a high privilege
> > context, i.e. that which is required to install the system itself.
> > This is a problem alone -- everything which runs in this context is
> > now a prime attack target.
>
> I don't think I'd agree with that. The common case for F10 and F11 will
> be for people to have installed a package once with the root password
> and then ticked the "Remember authentication" box. At that point, we
> have the same security exposure as we do with F12 (again, concentrating
> on the single-user machine case).

I never tick those boxes. I'd like to know how to get rid of them
entirely.

> I definitely agree that there's a whole range of cases where this isn't
> the behaviour you want. But for the vast majority of our users, I don't
> think there's a real security issue here.

Are we moving toward a model where the user and the administrator are no
longer really separated? Things seem to be regressing according to
whatever use-case some desktop developer thinks is important at the time.

- James
--
James Morris <jmorris@xxxxxxxxx>