[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On Thursday 19 November 2009 14:05:01 Richard Hughes wrote:
> 2009/11/19 Jeff Garzik <jgarzik pobox com>:
> > 1) We should recognize this new policy departs from decades of Unix and
> > Linux sysadmin experience.
> 
> Sure, it's different. It doesn't make it wrong.
> 
> > 2) F12 policy should be reverted to F11, ASAP.  Possibly with a CVE.
> 
> PolicyKit in F12 doesn't have the auth_admin (and save forever to
> disk) functionality that F11 did. I think what we have in F12 is much
> more usable, perhaps trading off with the perceived loss of control. I
> say perceived as actually typing in a root password doesn't actually
> make the system any more secure at all, less if anything.
> 
> > 3) Due to #1, F13+ should not deviate from the decades-old default.
> 
> Using that argument, we can just keep using GTK tools written in
> python, that use consolehelper to run 2 million lines of code as the
> root user on the users session. How wonderful.
> 
> > 4) Release notes should explain new [and after step #2, optional] policy
> > in detail, including how to turn it off again.  Seth's laudable write-up
> > efforts should not have been necessary -- that info should be prepared.
> 
> Sure, in retrospect I should have made a lot more noise in the release
> notes, which I apologise for. The reason people didn't notice earlier
> was because rawhide is unsigned, and hence all PackageKit operations
> required the root password, even updating.
> 
> > 5) The people who want this new security policy should add an opt-in
> > checkbox in Anaconda or firstboot.
> 
> Err, I don't think this is how we want to brand the desktop spin.
> Other spins just need to ship different defaults for all the other
> PolicyKit daemons too.

I completely agree - other spins should select own defaults - but then you 
can't hide other spins but let users actual choose the right one. Instead 
saying - this is default spin, you should download this one, we have to state 
that this spin is for home desktop users, then we should have workstation spin 
on the same page, server spin, advanced kde desktop spin so users actually 
could select the correct one for their task. With website redesign - to match 
needs of home users - we are promoting Desktop spin as default Fedora - that's 
not true anymore.

Jaroslav

> Also, we've not made this change upstream lightly. We've got upstream
> review and policy documents which you might find useful:
> 
> http://cgit.freedesktop.org/packagekit/plain/docs/security.txt
> http://cgit.freedesktop.org/packagekit/plain/docs/setting-the-proxy.txt
> http://cgit.freedesktop.org/packagekit/plain/policy/org.freedesktop.package
> kit.policy.in
> 
> Richard.
> 

-- 
Jaroslav Řezník <jreznik redhat com>
Associate Software Engineer - Base Operating Systems Brno

Office: +420 532 294 275
Mobile: +420 731 455 332
Red Hat, Inc.                               http://cz.redhat.com/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]