clock riddle
Matthias Clasen
mclasen at redhat.com
Tue Feb 24 14:50:24 UTC 2009
On Tue, 2009-02-24 at 08:18 -0600, Chris Adams wrote:
> Once upon a time, Chris Adams <cmadams at hiwaay.net> said:
> > What mechanism is there to keep track of these policies? There should
> > be a Fedora policy to control RPMs adding new policies to PolicyKit. As
> > a system admin, I look for setuid/setgid binaries and open sockets, but
> > now there's a new method to bypass that for root-level access.
>
> As a follow-up, I see on F10 that a user can also increase their process
> priority level (which is normally a privilege reserved for root). This
> is often useful in timing attacks and should not be allowed.
>
> If I'm reading the policy right, users can change PackageKit proxy
> settings and force a refresh of metadata. How much has PackageKit's
> (and yum's) code been audited for security? If I can point it at a
> proxy and force it to download data, how secure is it against attack
> (e.g. via corrupted data)?
>
Can we please try to stay realistic here?
We are talking about default settings for a desktop system, where users
are expected to be able to update their systems.
More information about the fedora-test-list mailing list