Local users get to play root?

nodata lsof at nodata.co.uk
Wed Nov 18 18:21:52 UTC 2009


On 2009-11-18 19:18, Colin Walters wrote:
> Hi,
>
> On Wed, Nov 18, 2009 at 12:08 PM, nodata <lsof at nodata.co.uk> wrote:
>> Yikes! When was it decided that non-root users get to play root?
>
> This is hardly the first "uid 0" operation we've granted users access
> to in the operating system, and it won't be the last.  For example, on
> a timesharing Unix system, non-uid 0 can't reboot the machine, but
> it's clearly silly to ask for a root password to reboot for the
> unmanaged case, so years ago the "consolehelper" system was added, and
> that privilege is currently given to users at a physical display for
> the machine.
>
> We've used the "console" concept as our only tool in this respect for
> a long time, and PolicyKit will ultimately replace all of it with a
> far more fine-grained system.
>
> So you raise a reasonable issue, which is how do you know when the
> defaults change, or new privileges are added?  We don't have a very
> good system for that now; ideally we would detect when new packages
> are added to @gnome-desktop that include PolicyKit policies, and use
> that as a basis for release notes type of thing.
>
> But, bottom line, if you're administering a Fedora-derived desktop,
> you will need to get familiar with PolicyKit, and you may need to
> tweak the defaults, which are more targeted for the self-managed case.
>

This is a major change. I vote for secure by default.

If the admin wishes this "surprise-root" feature to be enabled he can 
enable it.




More information about the fedora-devel-list mailing list