Re: Local users get to play root?

On 11/18/2009 04:10 PM, Casey Dahlin wrote:
> On 11/18/2009 03:06 PM, Peter Jones wrote:
>> On 11/18/2009 02:35 PM, Casey Dahlin wrote:
>>> On 11/18/2009 02:32 PM, Casey Dahlin wrote:
>>>> On 11/18/2009 01:19 PM, Konstantin Ryabitsev wrote:
>>>>> I may be wrong, but I understand that this behaviour of
>>>>> PackageKit only applies to users with direct console access
>>>>> (i.e. not remote shells). So, only users that are logged in
>>>>> via GDM or TTY would be able to perform such tasks.
>>>> That's a silly thing to imply we can control. Just because
>>>> firefox is running on a local console doesn't mean that a
>>>> vulnerability therein has not allowed it to be ultimately
>>>> controlled from elsewhere.
>>>> --CJD
>>> Addendum: Why do you think sudo would ask an already-logged-in
>>> user for his password?
>> Because the config file says to.
> Good sort of answer when speaking about chickens and roads. A bit too
> existential for system administration though.

You've sort of missed my point here, which isn't a big surprise since I
left a lot of space to figure it out in.

root added your name to /etc/sudoers.  She might have put:


but apparently instead she put:


If sudo is asking you for a password, it's because somebody intentionally
made a choice for it to do so, in the config file. It's not some kind of
accident. It's not some global policy because of a universal truth, as you
seem to think. It's a choice somebody made when they put your name in

(Read what you will as to how this is relevant to our current predicament.)


Computers don't make errors.  What they do, they do on purpose.
		-- Dale
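
An added example, not part of the original message or of sudo itself: a simplified reader that reports, for each sudoers rule, whether sudo would prompt for a password, which is the configuration choice the message describes. The policy text, user names and commands are constructed; the reader assumes one host spec per line and no aliases, includes or line continuations.

```python
import re

# Constructed policy for illustration; user names and commands are hypothetical.
SAMPLE_SUDOERS = """\
Defaults:carol !authenticate
alice ALL=(ALL) ALL
bob   ALL=(ALL) NOPASSWD: ALL
dave  ALL=(root) NOPASSWD: /usr/bin/yum update, PASSWD: /sbin/reboot
carol ALL=(ALL) /usr/bin/systemctl
"""

DEFAULTS = re.compile(r"^Defaults(?::(\S+))?\s+(.*)$")
USER_SPEC = re.compile(r"^(\S+)\s+[^=\s]+\s*=\s*(.*)$")
RUNAS = re.compile(r"^\([^)]*\)\s*")
TAG = re.compile(r"^([A-Z_]+):\s*")

def password_policy(text):
    """Map (user, command) -> True if sudo prompts for a password.

    Simplified reader: one host spec per line, no aliases, includes,
    line continuations or escaped commas.
    """
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    no_auth = set()  # users (or "*" for everyone) with !authenticate
    for line in lines:
        m = DEFAULTS.match(line)
        if m and "!authenticate" in [s.strip() for s in m.group(2).split(",")]:
            no_auth.update(m.group(1).split(",") if m.group(1) else ["*"])
    policy = {}
    for line in lines:
        m = USER_SPEC.match(line)
        if not m or line.startswith("Defaults"):
            continue
        user, rest = m.groups()
        prompts = not ({user, "*"} & no_auth)  # default before any tag
        for cmd in rest.split(","):
            cmd = RUNAS.sub("", cmd.strip())
            while (t := TAG.match(cmd)):
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    prompts = t.group(1) == "PASSWD"
                cmd = cmd[t.end():]
            policy[(user, cmd)] = prompts  # a tag carries to later commands
    return policy

if __name__ == "__main__":
    for (user, cmd), prompts in password_policy(SAMPLE_SUDOERS).items():
        print(f"{user:6} {cmd:22} {'password' if prompts else 'NO password'}")
```

Rules that come back False are the ones where somebody chose to skip the prompt, either with a NOPASSWD tag or with a Defaults !authenticate line.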

