Local users get to play root?
Simo Sorce
ssorce at redhat.com
Wed Nov 18 23:55:44 UTC 2009
On Wed, 2009-11-18 at 22:38 +0000, Richard Hughes wrote:
> 2009/11/18 Jeff Garzik <jgarzik at pobox.com>:
> > And this enormous security hole of a policy change was done with next to
> > /zero/ communication, making it likely that many admins will not even know
> > they are vulnerable until their kids install a bunch of unwanted packages.
>
> F11 had retained authorisations, which arguably were more of a
> security weakness. If rawhide had been signed during the F12 cycle
> everybody would have seen this change much earlier.
>
> If you're deploying F12, then I really think you should know the
> basics about PolicyKit.
Richard,
let's reverse it then.
If it is so simple and if all our users should know about PolicyKit,
then it should be no problem delivering a more secure policy by default,
and let people change the policy to less secure if they want.
Deal ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the fedora-devel-list
mailing list