Security policy oversight needed?

Simo Sorce ssorce at redhat.com
Thu Nov 19 15:58:58 UTC 2009


On Thu, 2009-11-19 at 11:15 +0000, Richard Hughes wrote:
> 2009/11/18 Chris Adams <cmadams at hiwaay.net>:
> > I would like to see this discussion separate from discussion about the
> > current issue with PackageKit.
> 
> That would be nice :)
> 
> The problem is who to target. If you call Fedora a desktop distro,
> then it makes perfect sense for local users to be able to shutdown the
> computer, suspend, change the system clock and install clipart without
> passwords, as long as it's done in a secure way.
> 
> If you call Fedora a server OS, then it shouldn't be shipping
> PackageKit at all, and should have most of the PolicyKit
> authentication actions defaulting to no.
> 
> So obviously we need some middle ground. I guess if the spins
> "personalise" the package set then they should also personalize the
> security defaults. e.g. a server spin would not include PackageKit at
> all, and default to not letting users change the time. A desktop spin
> would allow the desktop user to do most things without a administrator
> password. The tricky part is deciding a default policy that is
> suitable for all the people using Fedora, which honestly, I think is
> impossible.

If this is the metric then we probably need to split "Desktop" into at
least 2 categories:
- Personal Laptop (Netbook/etc ...)
- Workstation (or multi-seat desktop, etc...)

These 2 categories have very different security requirements and implied
"ownership".

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York




More information about the fedora-devel-list mailing list