
Re: PackageKit policy: background and plans

On 11/20/2009 10:04 AM, Matthew Garrett wrote:
I know basically nobody who, on a generally single user system,
explicitly switches to a console to log in as root and perform package
installs there. If you're not doing that then the issue is basically
moot - a user-level compromise will become a root-level compromise the
next time you run anything as root.

I do that on critical workstations because a long time ago an old (fixed) bug killed my X session when updating and messed up my system, so I do not trust too much updating base X components using a GUI. On my personal systems, yes, I use the GUI method.

  - The local session has a new means to execute in a high privilege
    context, i.e. that which is required to install the system itself.
    This is a problem alone -- everything which runs in this context is
    now a prime attack target.

I don't think I'd agree with that. The common case for F10 and F11 will
be for people to have installed a package once with the root password
and then ticked the "Remember authentication" box. At that point, we
have the same security exposure as we do with F12 (again, concentrating
on the single-user machine case).

I definitely agree that there's a whole range of cases where this isn't
the behaviour you want. But for the vast majority of our users, I don't
think there's a real security issue here.
