Security policy oversight needed?
Simo Sorce
ssorce at redhat.com
Fri Nov 20 18:30:12 UTC 2009
On Fri, 2009-11-20 at 12:23 -0600, Bruno Wolff III wrote:
> On Fri, Nov 20, 2009 at 08:48:56 -0500,
> Simo Sorce <ssorce at redhat.com> wrote:
> > On Fri, 2009-11-20 at 03:42 -0500, Jeff Garzik wrote:
> > > On 11/20/2009 02:21 AM, Rudolf Kastl wrote:
> > > > there are also inconsistencies between gui clickery and shell usage...
> > > > simple example:
> > > >
> > > > click "shutdown" in gnome just does it in f12
> > >
> > > Yeah, you can do that in F11 as well :(
> > >
> > > I agree, this needs protecting with a root password too.
> >
> > Jeff this is silly.
> > Shutdown in console by default is perfectly fine, otherwise the user can
> > simply push the power button.
>
> I disagree. I don't want guests accidentally shutting down machines. If they
> have to hit the power button it makes it a bit harder to do by mistake.
> It isn't a huge deal, but I'd definitely prefer that the shutdown/restart
> GUI stuff not work unless your authenticated as root.
I understand your point, but this is really splitting hairs.
In this case I think the default is fine because it is not a security
issue (if you have console access). If you still don't like it you
should change the default.
Now, I know that changing PolicyKit related defaults is not easy at the
moment. But that's an issue of man hours, finding someone willing to
build a desktop tool that allows you to easily see current policies and
create local ones on the fly.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the fedora-devel-list
mailing list