[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



2009/11/18 Simo Sorce <ssorce redhat com>:
>> If I have physical access to your machine, I'll own it. I may have to
>> use tools to get to the HDD, but it's only a question of time and
>> dedication.
>
> *you* are not one of my users, and this has nothing to do with *you*
> hacking in my machine. If I have physical access to a machine I do not
> even care about what's installed on it. In 99% of the cases I will just
> be able to boot from a live cd. That's a completely different issue.

Well, then we're violently agreeing about the same thing.

Anyway. It doesn't look like this is a change in Fedora policy,
because it clearly caught everyone off-guard. Looks like PK developer
made an executive decision and it's up to us to either issue an update
to revert to the previous behaviour, or to continue debating whether
allowing local console users to install trusted software from trusted
repositories is a sane security trade-off.

Regards,
-- 
McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]