[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PackageKit policy: background and plans



On Fri, 20 Nov 2009, Matthew Garrett wrote:

> I know basically nobody who, on a generally single user system, 
> explicitly switches to a console to log in as root and perform package 
> installs there.

This is how I started doing things in 1993, although I changed to sudo a 
few years back.

> >  - The local session has a new means to execute in a high privilege 
> >    context, i.e. that which is required to install the system itself.  
> >    This is a problem alone -- everything which runs in this context is 
> >    now a prime attack target.
> 
> I don't think I'd agree with that. The common case for F10 and F11 will 
> be for people to have installed a package once with the root password 
> and then ticked the "Remember authentication" box. At that point, we 
> have the same security exposure as we do with F12 (again, concentrating 
> on the single-user machine case).

I never tick those boxes.  I'd like to know how to get rid of them 
entirely.

> I definitely agree that there's a whole range of cases where this isn't 
> the behaviour you want. But for the vast majority of our users, I don't 
> think there's a real security issue here.

Are we moving toward a model where the user and the administrator are no 
longer really separated?  Things seem to be regressing according to 
whatever use-case some desktop developer thinks is important at the time.


- James
-- 
James Morris
<jmorris namei org>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]