Re: Why does X run as root?

On Mon, 2010-08-23 at 13:16 -0400, Matthew Miller wrote:
> On Fri, Aug 20, 2010 at 09:24:42PM +0200, Till Maas wrote:
> > > On Thu, Aug 19, 2010 at 06:49:33PM +0100, Matthew Garrett wrote:
> > > > > I think "run X as user Xorg if you're on KMS" would be a fine
> > > > > F15Feature to aim for.  Ubuntu's been working on it too:
> > > > Of course, doing so just turns it from "Running code as X gives you 
> > > > root" to "Running code as X gives you root the moment someone types in a 
> > > > root password, even if they're on a different terminal". I accept that 
> > > This sounds like yet another good argument for removing the need to ever
> > > type a root password.
> > How does this make it better? Then someone would spy on the user password of
> > someone with sudo capabilities.
> 
> If sudo is configured to give root access with the user password with no
> further restrictions, you're right. But it opens the doors to other
> possibilities, like requiring Kerberos or key- or cert-based authentication
> for login. I know it's not feasible for most end-user desktops, but here we
> use two-factor authentication tokens for administrative access.

More generally, the situation would be, "Running code as X lets you read
anything typed on any terminal".  IMO, that's still pretty bad, and we
can hardly claim success in reducing the privileges of X without fixing
it.  Users are going to be entering secrets of one kind or another on
the keyboard for the foreseeable future.

-- 
Matt

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

