PackageKit policy: background and plans
Peter Jones
pjones at redhat.com
Mon Nov 23 19:13:53 UTC 2009
On 11/23/2009 01:24 PM, Gregory Maxwell wrote:
> I haven't tried the the fast user switching in fedora... Hopefully it is
> using some kernel mode secure path to prevent users from stealing each others
> credentials, if it isn't then one should be established for it. Why not use the
> same facility to switch to a system administration desktop, locked down a bit by
> default (use SE linux to make various unsafe user tasks like firefox,
> open office, etc unable to run in this admin context) to discourage
> casual use.
Wait, you're arguing for this *instead* of finer-grained elevations of privilege
governed by policy files which can be locally overridden safely?
> Surely this would be preferable to reducing the security against
> common casual threats.
I think you've characterized things backwards here.
--
Peter
More information about the fedora-devel-list
mailing list