Local users get to play root?
Jeff Garzik
jgarzik at pobox.com
Wed Nov 18 21:53:55 UTC 2009
On 11/18/2009 02:26 PM, Bob Arendt wrote:
> On 11/18/09 12:03, Konstantin Ryabitsev wrote:
>> 2009/11/18 Simo Sorce<ssorce at redhat.com>:
>>>> If I have physical access to your machine, I'll own it. I may have to
>>>> use tools to get to the HDD, but it's only a question of time and
>>>> dedication.
>>>
>>> *you* are not one of my users, and this has nothing to do with *you*
>>> hacking in my machine. If I have physical access to a machine I do not
>>> even care about what's installed on it. In 99% of the cases I will just
>>> be able to boot from a live cd. That's a completely different issue.
>>
>> Well, then we're violently agreeing about the same thing.
>>
>> Anyway. It doesn't look like this is a change in Fedora policy,
>> because it clearly caught everyone off-guard. Looks like PK developer
>> made an executive decision and it's up to us to either issue an update
>> to revert to the previous behaviour, or to continue debating whether
>> allowing local console users to install trusted software from trusted
>> repositories is a sane security trade-off.
>
> I haven't tried .. but does this this also include the capability for
> my grade-school child to *remove* software using their account?
> Like gcc? glibc? gdm? All fun activities ...
They sure can install all the naughty software you've forbidden on that
machine.
Jeff
More information about the fedora-devel-list
mailing list