LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora 12 lets unprivileged users install packages

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 9:45 UTC (Thu) by lkundrak (subscriber, #43452)
Parent article: Fedora 12 lets unprivileged users install packages

To those who complain: I'm just wondering, how many of you have potentially malicious local users?

And those who do, is there anyone who was, until now, using completely default installations without locking down anything (such as ability to shut down or suspend the system when a single local user, removing ability to automount media, etc.)?

(Log in to post comments)

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 16:46 UTC (Thu) by cry_regarder (subscriber, #50545) [Link]

I'm not worried about malicious users. I'm worried about household guests and family members.

If this switch is on, you can't leave your media (mythtv for example) computer alone with a guest even for 5 minutes! How suckitude is that?

Hence, if you ever have guests in your house and you might want to go to the bathroom while they are there (say using a guest account to surf the web), you must disable this feature. Since the vast majority (73.2%) of home users fall into this category, the majority of users should disable this feature. However we know that the majority of users (97.32%) never disable any default feature until they've been reamed.

Fun.

The really annoying thing is that the fedora devel list is clogged up by pages upon pages upon pages of this thread.

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 17:09 UTC (Thu) by lkundrak (subscriber, #43452) [Link]

> I'm not worried about malicious users. I'm worried about household guests and family members.

Are you well aware that with physical access they're able to do anything anyway? In most setups family members can. When it comes to guests, the right tool for you is xguest -- you'll get a locked-down desktop for guests with no extra configuration at all.

For the rest of setups you can still change the policy; point is that defaults are sane for most setups.

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 20:48 UTC (Thu) by jgarzik (subscriber, #8364) [Link]

Are you well aware of decades of Unix history?

Doing malicious or stupid things with physical machine access typically requires a modicum of effort, and often leaves obvious evidence behind.

With F12, all you need is a mouse click. The bar is substantially lowered.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds