
Re: Security policy oversight needed?



On Friday 20 November 2009 13:30:12 Simo Sorce wrote:
> On Fri, 2009-11-20 at 12:23 -0600, Bruno Wolff III wrote:
> > On Fri, Nov 20, 2009 at 08:48:56 -0500,
> >
> >   Simo Sorce <ssorce redhat com> wrote:
> > > On Fri, 2009-11-20 at 03:42 -0500, Jeff Garzik wrote:
> > > > On 11/20/2009 02:21 AM, Rudolf Kastl wrote:
> > > > > there are also inconsistencies between gui clickery and shell
> > > > > usage... simple example:
> > > > >
> > > > > click "shutdown" in gnome just does it in f12
> > > >
> > > > 
> > > > Yeah, you can do that in F11 as well :(
> > > > 
> > > > I agree, this needs protecting with a root password too.
> > >
> > > 
> > > Jeff this is silly.
> > > Shutdown in console by default is perfectly fine, otherwise the user
> > > can simply push the power button.
> >
> > 
> > I disagree. I don't want guests accidentally shutting down machines. If
> > they have to hit the power button it makes it a bit harder to do by
> > mistake. It isn't a huge deal, but I'd definitely prefer that the
> > shutdown/restart GUI stuff not work unless you're authenticated as root.
> 
> I understand your point, but this is really splitting hairs.
> In this case I think the default is fine because it is not a security
> issue (if you have console access). If you still don't like it you
> should change the default.

+1 ... shutdown is not a security issue for a user with local console access 
and the same should apply to poweroff, halt, etc.

On the other hand, installing new or updated packages can be a security issue 
and should require additional authentication such as root's password or 
(perhaps) being in the wheel group or some selinux attribute.

> 
> Now, I know that changing PolicyKit related defaults is not easy at the
> moment. But that's an issue of man hours, finding someone willing to
> build a desktop tool that allows you to easily see current policies and
> create local ones on the fly.
> 
If the default is changed, then an easy-to-use GUI tool needs to be 
available to adjust / change / (perhaps) define policies at the same time 
that the policy change is made.

One thing I consider really annoying are "are you sure" "popups" when some 
significant action (in the opinion of the developer) is done ... especially 
when the "popup" cannot be disabled.

Gene

