Local users get to play root?

Bill Nottingham notting at redhat.com
Thu Nov 19 00:23:39 UTC 2009


Jeff Garzik (jgarzik at pobox.com) said: 
> Sorry, but this default (desktop users can install pkgs without
> root) is just stupid.  It is antithetical to all standard security
> models that have come before in Fedora and other Linux
> distributions.

Out of the box, a desktop user has the ability to shut down the machine.
This gives them the ability, out of the box, to:
- DoS everyone on it
- get a root shell
-- install whatever they want
-- put viruses on
- hell, slap in a livecd or USB key and reinstall the box

It's a behavior change, for sure. For people who want to lock down their
systems, it's a default they will need to be able to change, and they
should have been able to discover it through the normal mechanisms for
that (i.e., the release notes). It likely should have been discussed
when it was introduced - it's obviously not something that's applicable
to all usage cases for the OS.

But really, given that users out of the box can do *far far worse*, I'm
not seeing the 'shameful', 'antithetical', OMG THE SKY IS FALLING AND
YOU ALL SHOULD BE DRAWN AND QUARTERED sort of angst. Maybe people are
tired of bagging tea and want new things to be outraged about.

Bill



