clock riddle
Chris Adams
cmadams at hiwaay.net
Tue Feb 24 14:55:20 UTC 2009
Once upon a time, Matthias Clasen <mclasen at redhat.com> said:
> On Tue, 2009-02-24 at 08:18 -0600, Chris Adams wrote:
> > If I'm reading the policy right, users can change PackageKit proxy
> > settings and force a refresh of metadata. How much has PackageKit's
> > (and yum's) code been audited for security? If I can point it at a
> > proxy and force it to download data, how secure is it against attack
> > (e.g. via corrupted data)?
>
> Can we please try to stay realistic here.
> We are talking about default settings for a desktop system, where users
> are expected to be able to update their systems.
What is unrealistic about possible security attacks on the system?
Actually updating the system requires root access; why do changing the
proxy server and refreshing metadata not?
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the fedora-test-list
mailing list