[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security policy oversight needed?



On Fri, 2009-11-20 at 12:23 -0600, Bruno Wolff III wrote:
> On Fri, Nov 20, 2009 at 08:48:56 -0500,
>   Simo Sorce <ssorce redhat com> wrote:
> > On Fri, 2009-11-20 at 03:42 -0500, Jeff Garzik wrote:
> > > On 11/20/2009 02:21 AM, Rudolf Kastl wrote:
> > > > there are also inconsistencies between gui clickery and shell usage...
> > > > simple example:
> > > >
> > > > click "shutdown" in gnome just does it in f12
> > > 
> > > Yeah, you can do that in F11 as well :(
> > > 
> > > I agree, this needs protecting with a root password too.
> > 
> > Jeff this is silly.
> > Shutdown in console by default is perfectly fine, otherwise the user can
> > simply push the power button.
> 
> I disagree. I don't want guests accidentally shutting down machines. If they
> have to hit the power button it makes it a bit harder to do by mistake.
> It isn't a huge deal, but I'd definitely prefer that the shutdown/restart
> GUI stuff not work unless your authenticated as root.

I understand your point, but this is really splitting hairs.
In this case I think the default is fine because it is not a security
issue (if you have console access). If you still don't like it you
should change the default.

Now, I know that changing PolicyKit related defaults is not easy at the
moment. But that's an issue of man hours, finding someone willing to
build a desktop tool that allows you to easily see current policies and
create local ones on the fly.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]