[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PackageKit policy: background and plans

Kevin Kofler <kevin kofler chello at> writes:

>> I never tick those boxes.  I'd like to know how to get rid of them
>> entirely.
> Upgrade to F12 (with the latest PackageKit update), there's no such checkbox 
> in F12's PolicyKit.

This is good.

Also we should remember that user entering root password in user's
session makes the user account practically equivalent to root (it can be
seen as a protection against incidental damage, but not against a real
attack). The only secure way has to use a fully trusted path from the
person to the root process - e.g. logging as root (or root-equivalent)
initially, with a physically secured console (some sysrq-k or
ctrl-alt-del combo which cannot be remapped or blocked by non-root etc).

E.g. using su or in most cases sudo etc. makes the non-root account
equivalent to root. This can be, of course, deemed secure as long as we
accept and understand this equivalency.
Krzysztof Halasa

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]