Local users get to play root?
Richard W.M. Jones
rjones at redhat.com
Wed Nov 18 20:00:08 UTC 2009
On Wed, Nov 18, 2009 at 11:18:28PM +0530, Rahul Sundaram wrote:
> On 11/18/2009 11:19 PM, nodata wrote:
>
> >
> > Thanks. I have changed the title to:
> > "All users get to install software on a machine they do not have the
> > root password to"
>
> .. if the packages are signed and from a signed repository. So, you left
> out the important part. Explain why this is a problem in a bit more
> detail.
They can install a package with a known local root exploit?
They can install lots of packages are fill up all the disk space?
They can install commands that the owner of the machine doesn't want?
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
More information about the fedora-devel-list
mailing list