Local users get to play root?
Jeff Spaleta
jspaleta at gmail.com
Thu Nov 19 00:43:08 UTC 2009
On Wed, Nov 18, 2009 at 3:35 PM, Eric Christensen
<eric at christensenplace.us> wrote:
> PackageKit is something right there on the desktop that, to its credit,
> needs little knowledge to use whereas many of your attack vectors noted
> above are generally fixed in my shop by use of a kickstart and securing
> the box from physical access and require a higher skill to perform.
So can't you harden this with a kickstart file line like you do in
your other hardening steps in your shop? I think to point Bill is
trying to make is that there are of a number of other settings that
need to be hardened and that this choice is just one of many choices
associated with security associated with a console user. Console user
security is already a leaky ship and PK is just one more hole.
-jef
More information about the fedora-devel-list
mailing list