[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security policy oversight needed?



2009/11/19 Chris Adams <cmadams hiwaay net>:
> Once upon a time, Richard Hughes <hughsient gmail com> said:
>> Sure, that's not an insane idea at all. I would imagine most network
>> admins worth their salt would be shipping custom PolicyKit overrides
>> in F12 anyway.
>
> If that is the Fedora expectation, then I expect a number of network
> admins will be choosing something other than Fedora.

If you're not shipping custom PolicyKit rules then at the moment
normal users can, without authentication:

* Grant high priority scheduling to a user process
* Connection sharing via a protected WiFi network
* Suspend the system
* Inhibit media detection
* Mount a device
* Restart the system
* Get information about system services
* Install debuginfos using abrt
* Enroll new fingerprints

If you're a network administrator you should be already setting
PolicyKit overrides for F10 and F11. It's basically the same for
Ubuntu too. You certainly shouldn't just be doing "yum update -y" on
every client machine...

Richard.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]