Fedora 12 lets unprivileged users install packages

Posted Nov 18, 2009 23:53 UTC (Wed) by midg3t (subscriber, #30998)
Parent article: Fedora 12 lets unprivileged users install packages

This should make local privilege escalation a little easier.

1. Find package with recent, unpatched privilege escalation vulnerability.
2. Install package.
3. Exploit privilege escalation vulnerability.
4. Profit!

Haystack surrounding a needle.

Posted Nov 19, 2009 0:30 UTC (Thu) by sladen (subscriber, #27402)

If they are a local user they already had root by way of physical access, so fair enough.

But for a remote user, life got easier; one no longer needs to find a hole in the actual running system or available setuid software; but merely in the (somewhat less tested) package-specific install scripts.

The problem just changed from trying to find a needle in a haystack, to one of spotting a haystack surrounding a needle.

Haystack surrounding a needle.

Posted Nov 19, 2009 0:55 UTC (Thu) by etrusco (guest, #4227)

The summary says "signed packages". I didn't RTFT (thread) either, but I'm hoping this capability will only be enabled by default for some kind of "desktop users" or "interactive users"?

Haystack surrounding a needle.

Posted Nov 19, 2009 0:55 UTC (Thu) by jspaleta (subscriber, #50639)

Let's be clear... remote users aren't privileged by default. PolicyKit understands the concept of console user versus remote.

-jef
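A concrete form of that console-versus-remote distinction, as an added example and not code from this thread or from Fedora: a PolicyKit local-authority file in the .pkla format used by polkit 0.95 on Fedora 12. It keeps remote and inactive sessions from installing packages at all, and makes an active console user type the administrator password. The file path and the PackageKit action ID are assumptions about the packaging of the time, so confirm them on a real system before relying on this.

```ini
# Assumed path: /etc/polkit-1/localauthority/50-local.d/10-packagekit-install.pkla
# Assumed action ID for PackageKit's install operation (check with pkaction):
#   org.freedesktop.packagekit.package-install
[Require admin auth for package installs]
Identity=unix-user:*
Action=org.freedesktop.packagekit.package-install
# Sessions that are neither local nor active (an SSH login, for example): never
ResultAny=no
# Local but inactive sessions (a user logged in on another VT): never
ResultInactive=no
# Active console session: only after the admin password has been entered
ResultActive=auth_admin_keep
```

The three Result keys are exactly where PolicyKit encodes "console user versus remote": ResultAny covers every session, ResultInactive only local sessions that are not in the foreground, and ResultActive only the active local seat. Running `pkaction --action-id org.freedesktop.packagekit.package-install --verbose` prints the implicit any/inactive/active defaults shipped with the package, which is the quick way to see what a given install actually permits before this file overrides it.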

Haystack surrounding a needle.

Posted Nov 19, 2009 1:23 UTC (Thu) by sbergman27 (guest, #10767)

"""
lets be clear... remote users aren't privledged by default. PolicyKit understands the concept of
console user versus remote.
"""

Does it understand the concept of "local dinner parties" vs "remote dinner parties"? "Local
children" vs "remote children"?

Has anyone looked into how well this kind of thinking worked for Windows?

Haystack surrounding a needle.

Posted Nov 19, 2009 7:29 UTC (Thu) by bronson (subscriber, #4806)

Does any operating system understand the concept of "local dinner parties"?

Haystack surrounding a needle.

Posted Nov 19, 2009 7:46 UTC (Thu) by bronson (subscriber, #4806)

Oh, I see what you're saying... You're worried that some dinner party guest might log onto your computer and fill your root partition with insecure daemons? Not a problem -- how many Linux users host dinner parties? Maybe if we were using Windows 7 this would be an issue: http://www.youtube.com/watch?v=1cX4t5-YpHQ (it's real, sorry, only watch if you have a strong constitution)

For the record I agree: it seems utterly daft to have this enabled by default. Did we forget the lesson from RH6 having a bunch of unnecessary daemons (read: breakin vectors) enabled by default?

Haystack surrounding a needle.

Posted Nov 19, 2009 9:06 UTC (Thu) by michaeljt (subscriber, #39183)

Hm, Gnash used to be able to cope with some youtube videos, but recently I have had a zero success rate. Not that it is killing me, but still... Anyone else?

Haystack surrounding a needle.

Posted Nov 19, 2009 15:31 UTC (Thu) by geisler (guest, #44380)

They switched the default player to Flash 10, but I've still been able to see success by clicking on the icon that opens the video in a new window. For some reason, that video will run while the one on the page will not.

Haystack surrounding a needle.

Posted Nov 19, 2009 17:24 UTC (Thu) by sir99 (guest, #3286)

Flash works so poorly on my system that I use youtube-dl and watch in mplayer. Probably there's a firefox extension to do this more transparently.

Haystack surrounding a needle.

Posted Nov 19, 2009 19:35 UTC (Thu) by drag (subscriber, #31333)

clive + mplayer works for me.

Haystack surrounding a needle.

Posted Nov 19, 2009 20:39 UTC (Thu) by SEJeff (subscriber, #51588)

Install the ant.com download toolbar. It works very well.

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 0:31 UTC (Thu) by kragil (subscriber, #34373)

My thought exactly, but this is a single user desktop feature and not for servers.

I like it.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds