Local users get to play root?
shmuel siegel
fedora at shmuelhome.mine.nu
Thu Nov 19 22:51:50 UTC 2009
Jesse Keating wrote:
> On Thu, 2009-11-19 at 06:50 +0000, Keith G. Robertson-Turner wrote:
>
>> The desktop users on my network might have difficulty doing any of those
>> things, since their "desktop" access is via VNC tunnelled through ssh.
>>
>> However, now it seems they can arbitrarily install software into /usr,
>> on a server that is (for some of them) in a foreign country, because of
>> something called PackageKit.
>>
>
> That is incorrect, unless somehow your ssh tunneled VNC registers as
> "local console login", which I doubt. In your case, none of your users
> would be allowed to install software/updates.
>
>
There is a logical flaw in this argument. Last month you would have told
me the PackageKit is totally safe; you need to know the admin password
to install anything. Seems that that is no longer true. Where is my
guarantee that the current restrictions won't be loosened.
More information about the fedora-devel-list
mailing list