Fedora's way forward
Rahul Sundaram
sundaram at fedoraproject.org
Sun Apr 2 02:52:48 UTC 2006
On Sun, 2006-04-02 at 03:45 +0100, Naheem Zaffar wrote:
> and that could be very very dangerous... a single web browser flaw
> could open up the full system to attack...
How?
>
> ...Imagine visiting a page that installs a repository, and then
> subsequently replaces core packages with compromised ones?
The browser automatically installing packages just because you visited
the page. You will have confirm to something and supply the root
password and there is GPG keys to verify the source and there is SELinux
to confine the amount of permissions that a browser has.
> (there are a couple of security hurdles such as root password... but
> never rely on the user to easily make the corrent judgement...)
Making it harder to install packages is security through obscurity. In
the near future, we are looking at a design for a system to get the
least amount of permissions possible and automatically get and drop
privileges Network Manager style.
http://searchopensource.techtarget.com/tip/1,289483,sid39_gci1173575,00.html
http://www.osnews.com/story.php?news_id=13904
Rahul
More information about the fedora-devel-list
mailing list