Re: Local users get to play root?

Verily I say unto thee, that Seth Vidal spake thusly:
> On Wed, 18 Nov 2009, nodata wrote:

>> This is a major change. I vote for secure by default.
>> If the admin wishes this "surprise-root" feature to be enabled he
>> can enable it.
> I'm not sure how this is 'surprise root'. It will only allow installs
> of pkgs signed with a key you trust from a repo you've set up.
> Which pretty much means: if the admin trusts the repo, then it is
> okay.

You mean a trusted repo like this (serious question)?:

Last week we discovered that some Fedora servers were illegally
accessed. The intrusion into the servers was quickly discovered, and the
servers were taken offline.


One of the compromised Fedora servers was a system used for signing
Fedora packages. However, based on our efforts, we have high confidence
that the intruder was not able to capture the passphrase used to secure
the Fedora package signing key.


Did the review process for this fundamental change in Fedora's security
consider the impact of what could easily have been a serious compromise
to the primary repos?

Combine a potential worst-case outcome in the above incident, with root
privileges to unauthorised users installing or upgrading packages, and
the result is a disaster on several levels, not least of which is the PR
impact for Red Hat.

Will someone at Fedora start taking this issue seriously soon?

Keith G. Robertson-Turner

