On Fri, Aug 20, 2010 at 09:24:42PM +0200, Till Maas wrote: > > On Thu, Aug 19, 2010 at 06:49:33PM +0100, Matthew Garrett wrote: > > > > I think "run X as user Xorg if you're on KMS" would be a fine > > > > F15Feature to aim for. Ubuntu's been working on it too: > > > Of course, doing so just turns it from "Running code as X gives you > > > root" to "Running code as X gives you root the moment someone types in a > > > root password, even if they're on a different terminal". I accept that > > This sounds like yet another good argument for removing the need to ever > > type a root password. > How does this make it better? Then someone would spy on the user password of > someone with sudo capabilities. If sudo is configured to give root access with the user password with no further restrictions, you're right. But it opens the doors to other possibilities, like requiring kerberos or key- or cert-based authentication for login. I know it's not feasible for most end-user desktops, but here we use two-factor authentication tokens for administrative access. -- Matthew Miller <mattdm@xxxxxxxxxx> Senior Systems Architect -- Instructional & Research Computing Services Harvard School of Engineering & Applied Sciences -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
