Security policy oversight needed?

Gene Czarcinski gene at czarc.net
Fri Nov 20 21:02:29 UTC 2009


On Friday 20 November 2009 13:30:12 Simo Sorce wrote:
> On Fri, 2009-11-20 at 12:23 -0600, Bruno Wolff III wrote:
> > On Fri, Nov 20, 2009 at 08:48:56 -0500, Simo Sorce <ssorce at redhat.com> wrote:
> > > On Fri, 2009-11-20 at 03:42 -0500, Jeff Garzik wrote:
> > > > On 11/20/2009 02:21 AM, Rudolf Kastl wrote:
> > > > > there are also inconsistencies between gui clickery and shell
> > > > > usage... simple example:
> > > > >
> > > > > click "shutdown" in gnome just does it in f12
> > > >
> > > > 
> > > > Yeah, you can do that in F11 as well :(
> > > > 
> > > > I agree, this needs protecting with a root password too.
> > >
> > > 
> > > Jeff this is silly.
> > > Shutdown in console by default is perfectly fine, otherwise the user
> > > can simply push the power button.
> >
> > 
> > I disagree. I don't want guests accidentally shutting down machines. If
> > they have to hit the power button it makes it a bit harder to do by
> > mistake. It isn't a huge deal, but I'd definitely prefer that the
> > shutdown/restart GUI stuff not work unless you're authenticated as root.
> 
> I understand your point, but this is really splitting hairs.
> In this case I think the default is fine because it is not a security
> issue (if you have console access). If you still don't like it you
> should change the default.

+1 ... shutdown is not a security issue for a user with local console access 
and the same should apply to poweroff, halt, etc.

On the other hand, installing new or updated packages can be a security issue 
and should require additional authentication such as root's password or 
(perhaps) being in the wheel group or some selinux attribute.

> 
> Now, I know that changing PolicyKit related defaults is not easy at the
> moment. But that's an issue of man hours, finding someone willing to
> build a desktop tool that allows you to easily see current policies and
> create local ones on the fly.
> 
If the default is changed, then an easy-to-use gui tool needs to be 
available to adjust / change / (perhaps) define policies at the same time that 
the policy change is made.

One thing I consider really annoying are "are you sure" "popups" when some 
significant action (in the opinion of the developer) is done ... especially 
when the "popup" cannot be disabled.

Gene



