Package Manager Denies Permission to Install
Kevin Kofler
kevin.kofler at chello.at
Wed Jan 21 09:57:59 UTC 2009
Kam Leo wrote:
> It's the person in front of the keyboard/clicking mouse that makes the
> difference. Throwing in a requirement to log in as a user just delays
> the inevitable.
The difference is malicious software running under your user account. I
can't really judge how serious a threat it is, also compared to other
threats such as malicious RPM scriptlets (which run as root), but it
definitely exists, and that's what the password prompts are supposed to
protect against.
Another thing to keep in mind is that when you authenticate as root to
PolicyKit, you do not start running stuff as root directly, you get
permissions for only some specific actions. If the permissions are
remembered, this means an entry in a sort of database which remembers that
you are allowed to do that specific action (e.g. update your system), in no
event does PolicyKit remember the root password in your user account or
remember something like "user X is allowed to do everything root can do".
Kevin Kofler
More information about the fedora-list
mailing list