Local users get to play root?
Kevin Kofler
kevin.kofler at chello.at
Thu Nov 19 03:08:04 UTC 2009
nodata wrote:
> It doesn't make sense to define the security setup of a machine based on
> "oh well packagekit is installed, so it must be a desktop machine for
> which there is one or maybe two primary users who are all trusted to
> decide if they want to install software".
And the irony in all this is that this "the security requirements of the
machine are defined by what packages are, or rather are not, installed"
assumption is exactly what makes this very "feature" such a security risk!
Kevin Kofler
More information about the fedora-devel-list
mailing list