Re: clock riddle

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Once upon a time, Matthias Clasen <mclasen@xxxxxxxxxx> said:
> On Tue, 2009-02-24 at 08:18 -0600, Chris Adams wrote:
> > If I'm reading the policy right, users can change PackageKit proxy
> > settings and force a refresh of metadata.  How much has PackageKit's
> > (and yum's) code been audited for security?  If I can point it at a
> > proxy and force it to download data, how secure is it against attack
> > (e.g. via corrupted data)?
> 
> Can we please try to stay realistic here. 
> We are talking about default settings for a desktop system, where users
> are expected to be able to update their systems.

What is unrealistic about possible security attacks on the system?

Actually updating the system requires root access; why do changing the
proxy server and refreshing metadata not?

-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux