Local users get to play root?
nodata
lsof at nodata.co.uk
Wed Nov 18 18:42:51 UTC 2009
Am 2009-11-18 19:23, schrieb Seth Vidal:
>
>
> On Wed, 18 Nov 2009, nodata wrote:
>
>> Am 2009-11-18 19:18, schrieb Colin Walters:
>>
>> This is a major change. I vote for secure by default.
>>
>> If the admin wishes this "surprise-root" feature to be enabled he can
>> enable it.
>
> I'm not sure how this is 'surprise root'. IT will only allow installs of
> pkgs signed with a key you trust from a repo you've setup.
>
> which pretty much means: if the admin trusts the repo, then it is okay.
Err no. Admins trusts software he has chosen to install from the repo. I
definitely don't want a user configuring an ftp server or running
anything with a cronjob on a server I look after.
If software starts running on a server that I didn't put there, it gets
taken offline.
But this is missing the point! PackageKit != non-server, abandon the
defaults.
> if the admin doesn't trust the repo it should NOT be on the box and
> enabled b/c an untrusted repo can nuke your entire world.
It's not about trusting a repo, it's about trusting the user.
More information about the fedora-devel-list
mailing list