[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



Jeff Garzik wrote:

> Even Microsoft Windows asks for elevated privileges for this sort of
> thing!

What I'd like to have is a comprehensive set of options that need to be 
locked down in PolicyKit to get a secure system. It looks like there are 
tons of potentially nasty options enabled by default, with little 
information over what they do.

What does
org.freedesktop.devicekit.disks.filesystem-mount
do? Does this mean a console user can mount any file system, even non-
removable media?

Does org.fedoraproject.abrt.install-debuginfos mean that any console user 
can fill up the root partition with debuginfo rpms?

Does org.freedesktop.RealtimeKit1.acquire-high-priority mean that any 
console user can stop the rest of the system working by opening up lots of 
realtime processes?

Who knows what org.freedesktop.devicekit.disks.change, “Modify a device” 
does. Sounds nasty.

Can the user detach a system disk? org.freedesktop.devicekit.disks.drive-
detach

or start a fsck?
org.freedesktop.devicekit.disks.filesystem-check


I don't mind users being able to handle removable media, but I don't want 
them messing around as sysadmin on system disks, changing timezones, etc...

Where is all this explained?

Jeremy

-- 
http://jeremysanders.net/



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]