Local users get to play root?

James Morris jmorris at namei.org
Sat Nov 21 02:41:59 UTC 2009


On Fri, 20 Nov 2009, Bill Nottingham wrote:

> Benny Amorsen (benny+usenet at amorsen.dk) said: 
> > > If there are pkgs which run daemons which are defaulting to ON when
> > > installed or on next reboot - then we should be auditing those pkgs.
> > > Last I checked we default to OFF and that should continue to be the
> > > case.
> > 
> > Is there a blanket prohibition on daemons defaulting to ON or are some
> > (presumably considered vital) daemons exempt? I ask because cronie
> > defaults to ON.
> 
> It's not a blanket prohibition. (See also opensshd, rsyslog, etc.)

IOW, a typical user really has no idea what "install signed fedora 
packages" means in terms of security. 

It doesn't matter how good the GUI looks and operates if people can't 
understand what it means.



- James
-- 
James Morris
<jmorris at namei.org>




More information about the fedora-devel-list mailing list