2014-04-20 23:20 GMT+02:00 Lars Seipel <lars.seipel@xxxxxxxxx>:
On Thu, Apr 17, 2014 at 11:44:58PM +0200, Miloslav Trmač wrote:
> We don't, actually. *Only* applications running in a session of a member
> of the wheel group would have that right, and those applications are pretty
> much root-equivalent anyway. (Many GNOME users probably use such a setup,
> but it's not at all the only one possible.)
Ugh. This is implemented in PolicyKit? Where was this change
discussed/announced and when did it happen? Reinterpreting wheel group
membership to give user accounts mighty powers without requiring
re-authentication is a pretty major change and probably unexpected for
most users.
I'm sorry, I was imprecise; it typically does require re-authentication with users' own password, but in X11 that password is available to any malicious program running in the session (e.g. by painting a fake screen lock), so I tend to discount it.
Mirek
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
