[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On 11/18/2009 06:49 PM, Seth Vidal wrote:


On Wed, 18 Nov 2009, Jon Ciesla wrote:

nodata wrote:
Am 2009-11-18 18:08, schrieb nodata:
Yikes! When was it decided that non-root users get to play root?

Ref:
https://bugzilla.redhat.com/show_bug.cgi?id=534047

This is horrible!


Just to elaborate:

A local user is allowed to install software on the machine without
being prompted for the root password.

This is a recipe for disaster in my opinion.

So much for granting shell access on my servers. . .

You have PackageKit installed on servers? really?

Why shouldn't he? AFAIK there is nothing in the package warning users not to install this on a server.

What is the appropriate way to audit this kind of stuff? Presuming that PackageKit uses PolicyKit to aquire the necessary privileges is there a way to query PolicyKit and ask "show me all instances where a process can acquire root privileges without being asked for a password"?

I don't think it's a good idea to rely on admins knowing the magic handshake (or in this case the magic package list of dangerous apps) for security.

Regards,
  Dennis


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]