[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Upcoming Fedora Test Days ... DeviceKit and XFCE



On Sat, 2009-03-14 at 14:39 -0600, Michal Jaegermann wrote:
> On Fri, Mar 13, 2009 at 05:50:58PM -0400, James Laska wrote:
> > 
> > = DeviceKit =
> > 
> > Ever notice how the graphical disk management functionality present
> > during a Fedora installation is not available after you've installed
> > your system?  
> > 
> >    <Enter DeviceKit on stage left>  
> 
> AFAICS this is the next big security disaster in the making.
> Something on par with this broken clock access via clock-applet or
> maybe even worse.  It is not apparent how to prevent totally screwed
> defaults from taking over.
> 
> The problem is that all partitions from the _fixed_ media become
> available for scribbling, through a "Computer" browser, for anyone
> with a login on a desktop.  Some of these, apparently at random, are
> even automounted (and spill a garbage with such descriptive names
> like "260 MB Filesystem" all over a desktop).  It looks like that
> the only "security" model considered is "one user per machine and
> preferably as root or at least with a root access".  Somebody spent
> much too much time on Windows and never heard words like a "backup",
> "another installation", "limited access", etc.
> 
> Expect the same "swift reaction", or rather a total lack of it,
> as in a clock-applet case.

-devel may be a better place to discuss this, I think.

The security model for DeviceKit is 'use PolicyKit'. DeviceKit uses the
policies set by PolicyKit to regulate access to storage devices. If you
want a restrictive policy on such access, set it up in PolicyKit.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]