[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PackageKit policy: background and plans



On Fri, Nov 20, 2009 at 04:09:15PM +1100, James Morris wrote:

> Many users limit their use of the root account to essential system 
> maintenance, and run general purpose applications as a regular 
> unprivileged user.

I know basically nobody who, on a generally single user system, 
explicitly switches to a console to log in as root and perform package 
installs there. If you're not doing that then the issue is basically 
moot - a user-level compromise will become a root-level compromise the 
next time you run anything as root.

>  - The local session has a new means to execute in a high privilege 
>    context, i.e. that which is required to install the system itself.  
>    This is a problem alone -- everything which runs in this context is 
>    now a prime attack target.

I don't think I'd agree with that. The common case for F10 and F11 will 
be for people to have installed a package once with the root password 
and then ticked the "Remember authentication" box. At that point, we 
have the same security exposure as we do with F12 (again, concentrating 
on the single-user machine case).

I definitely agree that there's a whole range of cases where this isn't 
the behaviour you want. But for the vast majority of our users, I don't 
think there's a real security issue here.

-- 
Matthew Garrett | mjg59 srcf ucam org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]