PackageKit policy: background and plans
James Morris
jmorris at namei.org
Sat Nov 21 02:19:12 UTC 2009
On Fri, 20 Nov 2009, Matthew Garrett wrote:
> I know basically nobody who, on a generally single user system,
> explicitly switches to a console to log in as root and perform package
> installs there.
This is how I started doing things in 1993, although I changed to sudo a
few years back.
> > - The local session has a new means to execute in a high privilege
> > context, i.e. that which is required to install the system itself.
> > This is a problem alone -- everything which runs in this context is
> > now a prime attack target.
>
> I don't think I'd agree with that. The common case for F10 and F11 will
> be for people to have installed a package once with the root password
> and then ticked the "Remember authentication" box. At that point, we
> have the same security exposure as we do with F12 (again, concentrating
> on the single-user machine case).
I never tick those boxes. I'd like to know how to get rid of them
entirely.
> I definitely agree that there's a whole range of cases where this isn't
> the behaviour you want. But for the vast majority of our users, I don't
> think there's a real security issue here.
Are we moving toward a model where the user and the administrator are no
longer really separated? Things seem to be regressing according to
whatever use-case some desktop developer thinks is important at the time.
- James
--
James Morris
<jmorris at namei.org>