PackageKit policy: background and plans
Matthew Garrett
mjg at redhat.com
Fri Nov 20 15:24:41 UTC 2009
On Fri, Nov 20, 2009 at 09:38:43AM -0500, Fulko Hew wrote:
> I do! And I tell everyone else too, so they learn/understand the
> difference
> between 'god' and a 'mere mortal user' (ie. root and anyone else).
Actually, thinking about it, even this isn't sufficient. An attacker
could change the ctrl+alt+F* bindings and use them to pop up a
full-screen window that looks like the console. So you'd also need to
set up securetty to ensure that root can only log in on real consoles.
I really don't see this being a security issue in the common single-user
case.
--
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the fedora-devel-list
mailing list