Local users get to play root?

Jeff Garzik jgarzik at pobox.com
Thu Nov 19 20:37:14 UTC 2009


On 11/19/2009 12:16 PM, Simon Andrews wrote:
> Bill Nottingham wrote:
>> Jeff Garzik (jgarzik at pobox.com) said:
>>> This sounds like a tacit admission that the default install for
>>> servers is bloody stupid (== same as desktop), unless the admin
>>> REMOVES packages we helpfully installed on the server system.
>>
>> PackageKit has only ever been included in desktop package groups.
>> While these groups are enabled by default, they are with the caveat of:
>>
>> "The default installation of Fedora includes a set of software
>> applicable for general internet usage."
>
> I've just been and checked on our servers, which were installed with
> minimal packages and never used for desktop activities and found two of
> them with PackageKit installed.
>
> Looking at the dependencies there is nothing on those machines which
> currently requires PackageKit so it could be cleanly removed, but
> something has pulled this in as a dependency in the past.
>
> Both of these machines have been through sequential upgrades from around
> FC3.
>
> Changing the behaviour of PackageKit would certainly affect me and I've
> never explicitly installed it.

Indeed.  This issue is giving Fedora a major black eye in security.

And this major security issue -- where admins upgrade into insecurity -- 
is just hand-waved away even though it applies to a lot of situations.

As Kevin K noted, it is completely illogical that the presence or 
absence of a package (PackageKit) dictates security, or lack thereof.

Desktop spin or not, you need to prompt for a root password by default, 
unless the user has opted INTO a lowered security policy.

Ironically, even Microsoft Windows Vista is smart enough to ASK if you 
want a loose or tight security policy.  Fedora 12 just assumes you want 
a loose policy.

	Jeff




