Security policy oversight needed?

Richard Hughes hughsient at gmail.com
Thu Nov 19 14:19:21 UTC 2009


2009/11/19 Chris Adams <cmadams at hiwaay.net>:
> Once upon a time, Richard Hughes <hughsient at gmail.com> said:
>> Sure, that's not an insane idea at all. I would imagine most network
>> admins worth their salt would be shipping custom PolicyKit overrides
>> in F12 anyway.
>
> If that is the Fedora expectation, then I expect a number of network
> admins will be choosing something other than Fedora.

If you're not shipping custom PolicyKit rules then at the moment
normal users can, without authentication:

* Grant high priority scheduling to a user process
* Connection sharing via a protected WiFi network
* Suspend the system
* Inhibit media detection
* Mount a device
* Restart the system
* Get information about system services
* Install debuginfos using abrt
* Enroll new fingerprints

If you're a network administrator you should be already setting
PolicyKit overrides for F10 and F11. It's basically the same for
Ubuntu too. You certainly shouldn't just be doing "yum update -y" on
every client machine...

Richard.
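
A defender's check for the situation described in the message above, as an added example that is not part of the original post or of PolicyKit itself: it parses polkit `.policy` XML and lists the actions whose shipped defaults are `yes`, meaning no authentication is requested. The sample XML and its action ids are constructed, and the `/usr/share/polkit-1/actions` path and the handling of a missing entry as "no" are assumptions.

```python
import glob
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the polkit .policy format; the action ids are hypothetical.
SAMPLE_POLICY = """
<policyconfig>
  <action id="org.example.power.suspend">
    <description>Suspend the system</description>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.storage.mount">
    <description>Mount a device</description>
    <defaults><allow_active>yes</allow_active></defaults>
  </action>
  <action id="org.example.packages.install">
    <description>Install packages</description>
    <defaults><allow_active>auth_admin</allow_active></defaults>
  </action>
</policyconfig>
"""

SUBJECTS = ("allow_any", "allow_inactive", "allow_active")

def unauthenticated_actions(policy_xml):
    """Return (action id, description, subjects granted 'yes') per open action."""
    findings = []
    for action in ET.fromstring(policy_xml).iter("action"):
        defaults = action.find("defaults")
        # Assumption: a missing <defaults> entry counts as "no" (not granted).
        granted = [s for s in SUBJECTS
                   if defaults is not None
                   and (defaults.findtext(s) or "no").strip() == "yes"]
        if granted:
            desc = (action.findtext("description") or "").strip()
            findings.append((action.get("id"), desc, granted))
    return findings

if __name__ == "__main__":
    # Assumed location of installed policy files; falls back to the sample.
    paths = sys.argv[1:] or glob.glob("/usr/share/polkit-1/actions/*.policy")
    docs = [open(p, "rb").read() for p in paths] or [SAMPLE_POLICY]
    for doc in docs:
        for action_id, desc, granted in unauthenticated_actions(doc):
            print(f"{action_id}: {desc} [{', '.join(granted)}]")
```

The output reflects shipped defaults only; any local overrides an administrator has installed are not evaluated.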



