On Fri, Aug 20, 2010 at 3:24 PM, Till Maas <opensource@xxxxxxxxx> wrote: > On Fri, Aug 20, 2010 at 02:38:59PM -0400, Matthew Miller wrote: >> On Thu, Aug 19, 2010 at 06:49:33PM +0100, Matthew Garrett wrote: >> > > I think "run X as user Xorg if you're on KMS" would be a fine >> > > F15Feature to aim for. Ubuntu's been working on it too: >> > Of course, doing so just turns it from "Running code as X gives you >> > root" to "Running code as X gives you root the moment someone types in a >> > root password, even if they're on a different terminal". I accept that >> >> This sounds like yet another good argument for removing the need to ever >> type a root password. > > How does this make it better? Then someone would spy on the user password of > someone with sudo capabilities. This is an improvement because if Fedora removes "the need to ever type a root password" by simply allowing packagekit to give the user all the root abilities the user needs then the attacker doesn't need to wait around for the user to do something privileged, they can just ask packagekit as the user to do it for them. I'm sure this will save a lot of time. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
