[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On Wed, 2009-11-18 at 13:28 -0500, Seth Vidal wrote:
> 
> On Wed, 18 Nov 2009, Simo Sorce wrote:
> 
> > On Wed, 2009-11-18 at 13:10 -0500, Seth Vidal wrote:
> >>> Maybe you have a different concept of security, but I don't want any
> >> user on
> >>> the server installing software, no matter what.
> >>
> >> right - which is why I wouldn't install PK on a server.
> >>
> >> yum doesn't allow users to install pkgs, only root.
> >
> > Seth, the fact you prefer to use yum doesn't make it right to have an
> > insecure-by-default policy.
> >
> 
> I didn't say it did - I said it didn't make sense to have items like PK on 
> servers.

add "for me" and I can agree with you.

Note I also don't like to install "desktop grade" packages on servers,
but that's just a preference, and should in no way change the security
of the machine.

Conscious choices: +1
Insecure defaults: -1
Difficult to find out how to change insecure defaults: -10

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]