Once upon a time, Gregory Maxwell <gmaxwell@xxxxxxxxx> said: > Right click the gnome clock applet, adjust date & time. It asks for a > password, the *user* password satisfies it. I never would have caught > this: My time is always set via NTP, and if I ever accidentally > clicked my way to that dialog I would have assumed that it wanted the > root password. The question is: what path is this taking to get the required access level (I guess PolicyKit)? What other things may be available this way (is there any limit)? How was this audited before being added to Fedora? There is a bug about this in RH BZ (450304) that has been open since 2008-06-06 with basically no action. What mechanism is there to keep track of these policies? There should be a Fedora policy to control RPMs adding new policies to PolicyKit. As a system admin, I look for setuid/setgid binaries and open sockets, but now there's a new method to bypass that for root-level access. I admit, I haven't paid much attention to PolicyKit (I'm more of a server guy; I run Fedora on my desktop just because). I see it is pretty deeply intertwined; "yum remove PolicyKit" wants to remove 214 packages. -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list