[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PackageKit policy: background and plans



On Friday 20 November 2009 05:52:44 am Gregory Maxwell wrote:
> On Fri, Nov 20, 2009 at 12:26 AM, Conrad Meyer <cemeyer u washington edu> 
wrote:
> > On the contrary. On the typical single user system, it's just as bad if
> > an attacker can steal / delete / modify the user's files as it is if the
> > attacker can modify / delete system files. Privilege escalation isn't
> > needed to delete everything the single user cares about.
> 
> Not quite.  For example, it's much easier to fix a system which has only
>  had a user account compromised, since if you actually trust that its only
>  the user account you can skip the full reinstall.
> 
> This is also assuming a strictly single user system. With features like
>  fast user switching it wouldn't be inadvisable or especially inconvenient
>  to operate business and pleasure activities from separate accounts. I
>  don't know anyone that does this today, but as it becomes easier to do so
>  and if the systems don't continue to go down the route of giving the local
>  accounts root access then it may be a practice which becomes common.

It's easier to fix the system, *if* you trust that only the user account has 
been compromised. However, to the user (and remember we're talking about 
single-user systems here), their data is much more important than system 
files. You can get system files back -- just reinstall. If data is lost / 
mangled / stolen, you can't get that data or privacy back.

Yes, we're talking only about single user systems, let's not get off-track 
here.

Regards,
-- 
Conrad Meyer <cemeyer u washington edu>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]