[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PackageKit policy: background and plans



On Thursday 19 November 2009 09:09:15 pm James Morris wrote:
> On Thu, 19 Nov 2009, Owen Taylor wrote:
> > Among the decisions Richard made was allowing all users to install
> > signed packages from the Fedora repositories. This was clearly the right
> > behavior for the common case of a single-user system, where the only
> > user is also the administrator.
> 
> I don't think this is clearly the right behavior at all.
>
> ...
> 
> I think it's fair to say that having this happen as root would generally
> be worse than it happening as an unprivileged user.  For the latter, the
> attacker would need to also then succeed with a local privilege escalation
> attack to the same effect.

On the contrary. On the typical single user system, it's just as bad if an 
attacker can steal / delete / modify the user's files as it is if the attacker 
can modify / delete system files. Privilege escalation isn't needed to delete 
everything the single user cares about.

Regards,
-- 
Conrad Meyer <cemeyer u washington edu>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]