PackageKit policy: background and plans
Matthew Garrett
mjg at redhat.com
Fri Nov 20 14:34:05 UTC 2009
On Fri, Nov 20, 2009 at 04:09:15PM +1100, James Morris wrote:

> Many users limit their use of the root account to essential system
> maintenance, and run general purpose applications as a regular
> unprivileged user.

I know basically nobody who, on a generally single user system,
explicitly switches to a console to log in as root and perform package
installs there. If you're not doing that then the issue is basically
moot - a user-level compromise will become a root-level compromise the
next time you run anything as root.

> - The local session has a new means to execute in a high privilege
> context, i.e. that which is required to install the system itself.
> This is a problem alone -- everything which runs in this context is
> now a prime attack target.

I don't think I'd agree with that. The common case for F10 and F11 will
be for people to have installed a package once with the root password
and then ticked the "Remember authentication" box. At that point, we
have the same security exposure as we do with F12 (again, concentrating
on the single-user machine case).

I definitely agree that there's a whole range of cases where this isn't
the behaviour you want. But for the vast majority of our users, I don't
think there's a real security issue here.
--
Matthew Garrett | mjg59 at srcf.ucam.org