[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PackageKit policy: background and plans



On Sat, 21 Nov 2009, Matthew Garrett wrote:

> > worked without a password or login or anything. For the envisioned
> > 'desktop' model is there a reason to have multiple users for the
> > default? Is there a reason to have anything but root?
> 
> Yes. There's a range of acts that root is able to perform that even an 
> admin user should not be able to perform without extra authentication. 
> It's not even necessarily related to security - I don't want a bug in 
> firefox resulting in it trying to write to /dev/sda rather than a file 
> in my home directory, for instance.

This needs to be enforced at the OS level, with an analyzable policy, so 
you can determine if this is possible or not.  "Install all signed 
packages from a Fedora repository" may indeed include the ability to write 
to /dev/sda -- nobody really knows and you have no way to find out.

Also, it should certainly be possible while the operation is running at 
full privilege.



- James
-- 
James Morris
<jmorris namei org>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]