Local users get to play root?
Richard Hughes
hughsient at gmail.com
Thu Nov 19 14:39:13 UTC 2009
2009/11/19 Chris Adams <cmadams at hiwaay.net>:
> So there are no packages in releases/12/Everything that have privilege
> escalation bugs? All I have to do is wait for one to be found, and I
> have a signed path to root. Even if the package is fixed in updates, I
> just have to have a custom updates repo without it.
No, that won't work either. In PackageKit parlance "installing a
package" is installing a package that does not already exist on the
computer. You can't downgrade (or upgrade) packages using the
PackageKit InstallPackages() method.
Richard.
More information about the fedora-devel-list
mailing list