[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?

Once upon a time, Rahul Sundaram <sundaram fedoraproject org> said:
> .. if the packages are signed and from a signed repository. So, you left
> out the important part. Explain why this is a problem in a bit more
> detail.

Fedora has made a big push into the multi-user desktop (which many home
computers are now) with things like fast user switching.  In many such
setups, not all users are considered "administrators" of the system
(think parents and kids for example).  However, Fedora continues to slip
in (with no announcement and no documentation on how to change) things
that allow the console user to be an administrator without any
additional authentication.

The answer here has been "well root should lock it down".  With the
ever-increasing complexity of the system, it is becoming more difficult
than ever to find (or even know about) all of the ways a system musth be
locked down.  "find / -perm +6000" doesn't cut it anymore, but there's
no documentation of all the ways a regular user can do administrative
tasks without an administrative password.

It seems the latest way of doing this is via PolicyKit.  IMHO all
PolicyKit configuration should be "secure by default", and then desktop
spins can include overrides in /etc to loosen-up security where desired.
This would also make it much easier to find and clearer to see what
might should be changed for local policy.

Right now, I see files /usr/share/PolicyKit/policy; I guess that's where
this kind of thing comes from.  How do I override the settings in one of
these files?  None of them are marked "config", so I guess I don't edit
them.  Are there other places such policy can be set?

Chris Adams <cmadams hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]