[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security policy oversight needed?

On Thu, Nov 19, 2009 at 11:42 AM, Jesse Keating <jkeating redhat com> wrote:
> We have a server spin, and it's boot.iso/netinst.iso.  And no, I am not
> joking.  Servers are installed by starting with the smallest possible
> package set to get the system booted and on the network, then adding the
> specific functionality you want the server to perform, such as http
> server, or mail server.  Nothing more.  It is the very essence of start
> from nothing, add what you want.

...add what you want, and have PolicyKit pulled in as a dependency.

When this discussion came up I tried doing a yum erase PolicyKit on
one of my systems and had it offer to remove some 372 package,
including xorg-x11-drivers.

I don't mind at all that I have to type my administrator password in
to do root privileged things on my desktop or laptop. I don't want the
normal security model to be circumvented in odd ways.

And I really wanted a batteries-not-included server I'd install gentoo.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]