Upcoming Fedora Test Days ... DeviceKit and XFCE
Adam Williamson
awilliam at redhat.com
Mon Mar 16 19:19:53 UTC 2009
On Sat, 2009-03-14 at 14:39 -0600, Michal Jaegermann wrote:
> On Fri, Mar 13, 2009 at 05:50:58PM -0400, James Laska wrote:
> >
> > = DeviceKit =
> >
> > Ever notice how the graphical disk management functionality present
> > during a Fedora installation is not available after you've installed
> > your system?
> >
> > <Enter DeviceKit on stage left>
>
> AFAICS this is the next big security disaster in the making.
> Something on par with this broken clock access via clock-applet or
> maybe even worse. It is not apparent how to prevent totally screwed
> defaults from taking over.
>
> The problem is that all partitions from the _fixed_ media become
> available for scribbling, through a "Computer" browser, for anyone
> with a login on a desktop. Some of these, apparently at random, are
> even automounted (and spill a garbage with such descriptive names
> like "260 MB Filesystem" all over a desktop). It looks like that
> the only "security" model considered is "one user per machine and
> preferably as root or at least with a root access". Somebody spent
> much too much time on Windows and never heard words like a "backup",
> "another installation", "limited access", etc.
>
> Expect the same "swift reaction", or rather a total lack of it,
> as in a clock-applet case.
-devel may be a better place to discuss this, I think.
The security model for DeviceKit is 'use PolicyKit'. DeviceKit uses the
policies set by PolicyKit to regulate access to storage devices. If you
want a restrictive policy on such access, set it up in PolicyKit.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the fedora-test-list
mailing list