Local users get to play root?

nodata lsof at nodata.co.uk
Wed Nov 18 18:39:44 UTC 2009


Am 2009-11-18 19:28, schrieb Seth Vidal:
>
>
> On Wed, 18 Nov 2009, Simo Sorce wrote:
>
>> On Wed, 2009-11-18 at 13:10 -0500, Seth Vidal wrote:
>>>> Maybe you have a different concept of security, but I don't want any
>>> user on
>>>> the server installing software, no matter what.
>>>
>>> right - which is why I wouldn't install PK on a server.
>>>
>>> yum doesn't allow users to install pkgs, only root.
>>
>> Seth, the fact you prefer to use yum doesn't make it right to have an
>> insecure-by-default policy.
>>
>
> I didn't say it did - I said it didn't make sense to have items like PK
> on servers.
>

It doesn't make sense to define the security setup of a machine based on 
"oh well packagekit is installed, so it must be a desktop machine for 
which there is one or maybe two primary users who are all trusted to 
decide if they want to install software".

The fact is that there is quite a lot of badly written software that 
requires X to install. In fact, Red Hat's documentation tends to assume 
that X is installed by default. So do Red Hat's courses. And even their 
toolset. Ever used system-config-lvm-tui? No, it doesn't exist.

If X is there, PackageKit is there. The claimed link between the 
intended use and security profile of a machine depending on whether 
PackageKit is installed makes no sense.

It doesn't matter if I or you prefer @core on our servers, the customers 
want X because they're new to Linux and feel comfortable with it. They 
won't have some arcane knowledge about the disconnect between yum and 
rpm with packagekit, and how sometimes you have to be root, sometimes 
you don't.

Secure by default please, otherwise turn off selinux by default.




More information about the fedora-devel-list mailing list