[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On 11/18/2009 07:05 PM, Seth Vidal wrote:


On Wed, 18 Nov 2009, Dennis J. wrote:

You have PackageKit installed on servers? really?

Why shouldn't he? AFAIK there is nothing in the package warning users
not to install this on a server.

like I said in another email - I think of installing things on servers
as 'barest minimal' and then adding things I require. Nothing else.

Maybe I'm in the minority.

In fact I agree with you but this doesn't really address my point.
How do you make sure the packages that are part of your minimal list don't introduce such a backdoor with the next update? I think the existence of PolicyKit actually could allow us to query it in the way i mentioned in my previous mail and get a quick picture of the privileges applications have access to. Consider it the PK equivalent of scanning your filesystems for setuid files.

Regards,
  Dennis


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]