Local users get to play root?

Chris Adams cmadams at hiwaay.net
Thu Nov 19 14:45:41 UTC 2009


Once upon a time, Richard Hughes <hughsient at gmail.com> said:
> 2009/11/19 Chris Adams <cmadams at hiwaay.net>:
> > So there are no packages in releases/12/Everything that have privilege
> > escalation bugs?  All I have to do is wait for one to be found, and I
> > have a signed path to root.  Even if the package is fixed in updates, I
> > just have to have a custom updates repo without it.
> 
> No, that won't work either. In PackageKit parlance "installing a
> package" is installing a package that does not already exist on the
> computer. You can't downgrade (or upgrade) packages using the
> PackageKit InstallPackages() method.

That only matters if you install every package in the repo, which I
don't think many people do.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.




More information about the fedora-devel-list mailing list