Fedora 12 lets unprivileged users install packages
Posted Nov 19, 2009 6:32 UTC (Thu) by gdt
Parent article: Fedora 12 lets unprivileged users install packages
Oh dear. The new default is wrong. Consoles used to be in a secure location, but workstations started to make that unlikely and laptops make the idea that the console is more secure than the network totally untenable. If you think about a school, the student is likely to be on the console and the administrator more likely to be accessing the machine across the network.
One of the great advances in security in the past decade has been the wide acceptance that software systems should be secure by default. Which this suggestion isn't. It allows an untrusted user on a console (ie, a student in a computer lab) to easily take advantage of the next local exploit by installing the deficient software before a patch is available from the mirror (and given that Fedora's mirroring really sucks at the moment, that could be days even for a 0-day fix). The idea that the software should be shipped insecurely for computer lab use, and then the default altered by the sysadmin is exactly the sort of thinking which leads to 500 page "deployment manuals" of the type hated by administrators everywhere, and rather reminiscent of the 'sacrifice security for usability' ethos of a major vendor whose deep security issues cost its users billions per year.
Fedora have confused the notions of "trusted to configure hardware because they hold that hardware" and "trusted to administer machine". The first can be checked by seeing if they have physical access to the machine (ie, are logged into the console). The second is a list of user names, typically membership of 'wheel'.
If this means that only system administrators can automagically install codecs and fonts, well so be it. In the common case of a laptop being used by its owner, you're only inconveniencing them by asking them to authenticate.