[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On Fri, 20 Nov 2009, Bill Nottingham wrote:

> Benny Amorsen (benny+usenet amorsen dk) said: 
> > > If there are pkgs which run daemons which are defaulting to ON when
> > > installed or on next reboot - then we should be auditing those pkgs.
> > > Last I checked we default to OFF and that should continue to be the
> > > case.
> > 
> > Is there a blanket prohibition on daemons defaulting to ON or are some
> > (presumably considered vital) daemons exempt? I ask because cronie
> > defaults to ON.
> 
> It's not a blanket prohibition. (See also opensshd, rsyslog, etc.)

IOW, a typical user really has no idea what "install signed fedora 
packages" means in terms of security. 

It doesn't matter how good the GUI looks and operates if people can't 
understand what it means.



- James
-- 
James Morris
<jmorris namei org>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]