Fedora Core 4 Test Update: NetworkManager-0.5.1-1.FC4.1
David Woodhouse
dwmw2 at infradead.org
Tue Jan 10 17:08:51 UTC 2006
On Tue, 2006-01-10 at 11:59 -0500, Christopher Aillon wrote:
> Well, we live in the real world, not the linux world. For example, on
> my personal, privately owned laptop, I want to access Red Hat's VPN and
> its WEP keys. I store my keys in the keyring. It is not unreasonable
> for me to allow my sister, or my girlfriend, or whatnot to use my laptop
> at times. However, they do not get access to Red Hat's internal
> network. They have their own unpriveledged user accounts on my laptop.
> I don't see how this is an unreasonable situation in the real world.
Yet those people, if they have accounts on your laptop, _can_ access Red
Hat's internal network any time your laptop is connected. Because you
haven't set up iptables to do per-user filtering, have you?
And anyway, I'm not suggesting that you shouldn't support the esoteric
case of people kidding themselves that per-user keys are actually
meaningful. I'm suggesting that you shouldn't _enforce_ that bizarre
view; that you should at least make some allowance for the _normal_
case, which is per-system keys.
--
dwmw2
More information about the fedora-test-list
mailing list