Re: Local users get to play root?
- From: Jeremy Sanders <jeremy jeremysanders net>
- To: fedora-devel-list redhat com
- Subject: Re: Local users get to play root?
- Date: Thu, 19 Nov 2009 10:08:25 +0000
Jeff Garzik wrote:

> Even Microsoft Windows asks for elevated privileges for this sort of
> thing!

What I'd like to have is a comprehensive set of options that need to be
locked down in PolicyKit to get a secure system. It looks like there are
tons of potentially nasty options enabled by default, with little
information over what they do.

What does
org.freedesktop.devicekit.disks.filesystem-mount
do? Does this mean a console user can mount any file system, even
non-removable media?

Does org.fedoraproject.abrt.install-debuginfos mean that any console user
can fill up the root partition with debuginfo rpms?

Does org.freedesktop.RealtimeKit1.acquire-high-priority mean that any
console user can stop the rest of the system working by opening up lots of
realtime processes?

Who knows what org.freedesktop.devicekit.disks.change, “Modify a device”
does. Sounds nasty.

Can the user detach a system disk?
org.freedesktop.devicekit.disks.drive-detach
or start a fsck?
org.freedesktop.devicekit.disks.filesystem-check

I don't mind users being able to handle removable media, but I don't want
them messing around as sysadmin on system disks, changing timezones, etc...

Where is all this explained?

Jeremy
--
http://jeremysanders.net/
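
Added example, not part of the original message or of any project's code: one way to list which PolicyKit actions are granted without a password prompt is to read the implicit authorizations in the polkit .policy XML files. The function name and the sample document are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the polkit .policy XML format. The action ids come from
# the message above; the descriptions (apart from "Modify a device") and all
# <defaults> values are invented here and are not what any package ships.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.devicekit.disks.filesystem-mount">
    <description>Mount a device</description>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.devicekit.disks.change">
    <description>Modify a device</description>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
  <action id="org.fedoraproject.abrt.install-debuginfos">
    <description>Install debuginfo packages</description>
    <defaults>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>"""

SESSION_KINDS = ("allow_any", "allow_inactive", "allow_active")


def unauthenticated_actions(policy_xml):
    """Return (action id, description, session kind) for every implicit
    authorization set to "yes", i.e. granted with no password prompt."""
    findings = []
    for action in ET.fromstring(policy_xml).iter("action"):
        description = (action.findtext("description") or "").strip()
        for kind in SESSION_KINDS:
            # Elements that are absent simply yield no finding.
            value = (action.findtext(f"defaults/{kind}") or "").strip()
            if value == "yes":
                findings.append((action.get("id"), description, kind))
    return findings


if __name__ == "__main__":
    for action_id, description, kind in unauthenticated_actions(SAMPLE_POLICY):
        print(f"{action_id}  {kind}=yes  ({description})")
```

On a polkit-1 system the shipped policy files live under /usr/share/polkit-1/actions/ and can be passed to the function one at a time. The result covers shipped defaults only, not any local authorization overrides an administrator has added.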