Local users get to play root?
Colin Walters
walters at verbum.org
Wed Nov 18 22:36:33 UTC 2009
On Wed, Nov 18, 2009 at 5:18 PM, Jeff Garzik <jgarzik at pobox.com> wrote:
>
> You forget we have botnets doing distributed cracking now.
But...if you've cracked the root password, there are rather easier
(and less audited) routes to trojaning the system than adding a third
party yum repository and downloading your malicious RPM.
> And this enormous security hole of a policy change was done with next to
> /zero/ communication, making it likely that many admins will not even know
> they are vulnerable until their kids install a bunch of unwanted packages.
I think you are correct that the change could have been documented better.
More information about the fedora-devel-list
mailing list