low-hanging fruit

David Zeuthen davidz at redhat.com
Mon Aug 20 19:22:43 UTC 2007


On Mon, 2007-08-20 at 15:08 -0400, Colin Walters wrote:
> On 8/20/07, David Zeuthen <davidz at redhat.com> wrote:
>
>         So, like it or not, we simply need to engineer the security of the
>         operating system such that untrusted code running in your desktop
>         session can do as little harm as possible.
> 
> Ok we're pretty far afield here but I don't disagree with anything
> you're saying here - all that work would help - but it doesn't change
> my opinion that by far the biggest bang for the buck in terms of
> security is making sure we get updates as painlessly (well tested
> etc.) as possible.  And hence, that's why we should not have any
> password prompts for updating. 

Oh, I think we definitely agree on that. Btw, with the work on PolicyKit
that I'm doing 

 http://people.freedesktop.org/~david/polkit-admin-auth-1.png

combined with the PackageKit work Richard is doing

 http://hughsient.livejournal.com/32948.html

we should be close, with a bit of luck anyway, to having something for
Fedora 9. I'm hoping to find time in a month or two to help out on that.

Anyway, the beauty of this is that for the Fedora desktop spin we'll
just ship with a /etc/PolicyKit/PolicyKit.conf [1] file that allows the
action (and others) of updating the OS with signed packages without
asking for auth. And the admin (if any) can always change this however
he likes. For a hypothetical super-secure govt compliant locked-down and
secure desktop spin it will always default to denying this (and other
actions) without even asking for any passwords. Centralized, fine
grained, secure.

     David

[1]: http://gitweb.freedesktop.org/?p=PolicyKit.git;a=blob;hb=HEAD;f=doc/man/PolicyKit.conf.5.in
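As an added illustration (not part of David's mail or of the PolicyKit project), here is what the two spins' PolicyKit.conf choices described above could look like in the PolicyKit 0.x config format: the desktop spin grants the update action outright, the locked-down spin refuses it without ever prompting. The action id is a placeholder, not PackageKit's real one; check element names against the manual page linked at [1].

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
 "http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
<config version="0.1">

  <!-- Desktop spin: updating the OS from signed packages is granted
       to every caller of this action, so no password dialog appears.
       "org.example.updater.update-system" is a placeholder action id. -->
  <match action="org.example.updater.update-system">
    <return result="yes"/>
  </match>

  <!-- Locked-down spin: the same action is denied outright, and no
       authentication is offered as a fallback. Use this block instead
       of the one above (one decision per action). -->
  <!--
  <match action="org.example.updater.update-system">
    <return result="no"/>
  </match>
  -->

</config>
```

The admin can later replace either `return` with an authentication result (for example `auth_admin`) to reintroduce a prompt for that single action while leaving every other policy untouched.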
