Security policy oversight needed?
Kevin Kofler
kevin.kofler at chello.at
Thu Nov 19 02:04:12 UTC 2009
Gregory Maxwell wrote:
> The time configuration policy is actually a fantastic example of this:
> After it was pointed out that any user could change the time
> willy-nilly the complaint was disregarded and denied by many because
> the dialog *did* ask for a password, as would be the classic unix
> security model expectation. Except… it was asking for the *users*
> password rather than a root password— so if you happen to know both
> (or if they are the same) you could test it and fail to realize that
> it was violating the long-standing expectation.
FWIW, upstream KDE requires root authentication to set the current time, and
in fact one usage (the one usage? I haven't found others so far) of KAuth in
KDE 4.4 will be to use PolicyKit to prompt for the root password (KDE 4.3
uses kdesu there). So now we also have inconsistent system policies, with
one tool explicitly prompting for root and another one not doing it. :-(
Kevin Kofler
More information about the fedora-devel-list
mailing list