Local users get to play root?
Bob Arendt
rda at rincon.com
Wed Nov 18 19:26:28 UTC 2009
On 11/18/09 12:03, Konstantin Ryabitsev wrote:
> 2009/11/18 Simo Sorce<ssorce at redhat.com>:
>>> If I have physical access to your machine, I'll own it. I may have to
>>> use tools to get to the HDD, but it's only a question of time and
>>> dedication.
>>
>> *you* are not one of my users, and this has nothing to do with *you*
>> hacking in my machine. If I have physical access to a machine I do not
>> even care about what's installed on it. In 99% of the cases I will just
>> be able to boot from a live cd. That's a completely different issue.
>
> Well, then we're violently agreeing about the same thing.
>
> Anyway. It doesn't look like this is a change in Fedora policy,
> because it clearly caught everyone off-guard. Looks like PK developer
> made an executive decision and it's up to us to either issue an update
> to revert to the previous behaviour, or to continue debating whether
> allowing local console users to install trusted software from trusted
> repositories is a sane security trade-off.
I haven't tried .. but does this this also include the capability for
my grade-school child to *remove* software using their account?
Like gcc? glibc? gdm? All fun activities ...
More information about the fedora-devel-list
mailing list