[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?

Verily I say unto thee, that Bill Nottingham spake thusly:
> Jeff Garzik (jgarzik pobox com) said:
>> Sorry, but this default (desktop users can install pkgs without 
>> root) is just stupid.  It is antithetical to all standard security 
>> models that have come before in Fedora and other Linux 
>> distributions.
> Out of the box, a desktop user has the ability to shut down the
> machine. This gives them the ability, out of the box, to:
> - DoS everyone on it
> - get a root shell
> -- install whatever they want
> -- put viruses on
> - hell, slap in a livecd or USB key and reinstall the box

The desktop users on my network might have difficulty doing any of those
things, since their "desktop" access is via VNC tunnelled through ssh.

However, now it seems they can arbitrarily install software into /usr,
on a server that is (for some of them) in a foreign country, because of
something called PackageKit.

Can you see why I might not like that situation?

> It's a behavior change, for sure.

Yes. It's changed the behaviour of my server from trusted to untrusted.

> For people who want to lock down their systems, it's a default they
> will need to be able to change

In spam terms, that's what they call "opt-out".

I don't like that much either.

> and they should have been able to discover it through the normal
> mechanisms for that. (i.e., the release notes.).

Timely discovery of an unacceptable condition, does not somehow make
that condition any more acceptable.


It didn't fall.
It was pushed.

> Maybe people are tired of bagging tea and want new things to be
> outraged about.

Yes, maybe complaining about the subversion of 40 years of UNIX security
is being somewhat petty.

Keith G. Robertson-Turner

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]