Local users get to play root?

Dennis J. dennisml at conversis.de
Wed Nov 18 18:25:00 UTC 2009


On 11/18/2009 07:05 PM, Seth Vidal wrote:
>
>
> On Wed, 18 Nov 2009, Dennis J. wrote:
>
>>> You have PackageKit installed on servers? really?
>>
>> Why shouldn't he? AFAIK there is nothing in the package warning users
>> not to install this on a server.
>
> like I said in another email - I think of installing things on servers
> as 'barest minimal' and then adding things I require. Nothing else.
>
> Maybe I'm in the minority.

In fact I agree with you but this doesn't really address my point.
How do you make sure the packages that are part of your minimal list don't 
introduce such a backdoor with the next update?
I think the existence of PolicyKit actually could allow us to query it in 
the way I mentioned in my previous mail and get a quick picture of the 
privileges applications have access to. Consider it the PK equivalent of 
scanning your filesystems for setuid files.

Regards,
   Dennis
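
Added example, not part of the original mail or of any Fedora or PolicyKit code: one way to do the "setuid scan equivalent" suggested above is to list every action whose shipped default is "yes", meaning it is granted without authentication. It assumes the polkit-1 .policy XML layout and the /usr/share/polkit-1/actions directory; the sample policy and its action ids are constructed.

```python
import glob
import xml.etree.ElementTree as ET

# Assumed polkit-1 location; older PolicyKit releases used a different path.
ACTIONS_DIR = "/usr/share/polkit-1/actions"
FIELDS = ("allow_any", "allow_inactive", "allow_active")

# Constructed sample policy file; the action ids are made up for illustration.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.pkgtool.install-signed">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.pkgtool.remove">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
  <action id="org.example.clock.set-timezone">
    <defaults><allow_active>auth_self</allow_active></defaults>
  </action>
</policyconfig>"""

def unauthenticated_actions(policy_xml):
    """Return {action_id: [fields]} for actions whose implicit default is 'yes'."""
    findings = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        # Assumption: a missing or empty field is treated as "no" (not granted).
        open_fields = [f for f in FIELDS
                       if (action.findtext("defaults/" + f) or "no").strip() == "yes"]
        if open_fields:
            findings[action.get("id")] = open_fields
    return findings

def scan(directory=ACTIONS_DIR):
    """Audit every *.policy file; unreadable or malformed files are reported, not skipped."""
    report = {}
    for path in sorted(glob.glob(directory + "/*.policy")):
        try:
            with open(path, "rb") as fh:
                report[path] = unauthenticated_actions(fh.read())
        except (ET.ParseError, OSError) as exc:
            report[path] = {"<error>": [str(exc)]}
    return report

if __name__ == "__main__":
    print(unauthenticated_actions(SAMPLE_POLICY))
```

This reads only the defaults shipped in the policy files; local administrator overrides are not reflected, so diff the output before and after an update to spot newly opened actions.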



