[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On Wed, 2009-11-18 at 20:20 -0600, Mike McGrath wrote:
> On Wed, 18 Nov 2009, Jeff Garzik wrote:
> 
> > On 11/18/2009 07:45 PM, Mike McGrath wrote:
> > > Stick with the facts, be clear about what you're
> > > trying to accomplish (changing it back in F13?  Changing it back in F12?
> > > Setting a policy so stuff like this doesn't happen again?)
> >
> >
> > 1) We should recognize this new policy departs from decades of Unix and Linux
> > sysadmin experience.
> >
> > 2) F12 policy should be reverted to F11, ASAP.  Possibly with a CVE.
> >
> > 3) Due to #1, F13+ should not deviate from the decades-old default.
> >
> > 4) Release notes should explain new [and after step #2, optional] policy in
> > detail, including how to turn it off again.  Seth's laudable write-up efforts
> > should not have been necessary -- that info should be prepared.
> >
> > 5) The people who want this new security policy should add an opt-in checkbox
> > in Anaconda or firstboot.
> >
> 
> 
> Does anyone disagree with anything in 1-5?  It all sounds reasonable to
> me?

Agree 100% with 1-4 although I would find 5 optional if PackageKit can
have back the checkbox it has in F-11 to ask the user if it wants to let
it "remember" the authorization. If that's not possible then either 5 or
a control panel entry that let's you easily set the policy for a group,
so that the system administrator can choose which users will have this
privilege by adding them to a group.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]