| |||||||||||||
People's reaction to this is just stupid.People's reaction to this is just stupid.Posted Nov 19, 2009 12:49 UTC (Thu) by Tet (subscriber, #5433)In reply to: People's reaction to this is just stupid. by drag Parent article: Fedora 12 lets unprivileged users install packages Local users have physical access to your machine and thus they can trivially override any practical security mechanism you may have on your computer Sure, they can override them, but it's not always trivial. On my machines, for example, they'd need to either get past the BIOS password to change the boot order, or physically open the machine up and change the boot disk. Both of which are possible, but not exactly trivial. It's all about the height of the bar. You seem to be claiming that because local access gives you an attack vector, it's fine to drop any additional security that might have been in place. That doesn't make sense to me. A determined attacker will always get in. But it's still worth protecting against the opportunist (and the ignorant). Anyways if your having guest users you should have them use guest accounts Guest accounts that are now capable of installing software without root access? I'm not sure what your point is here.
(Log in to post comments)
People's reaction to this is just stupid. Posted Nov 19, 2009 13:27 UTC (Thu) by drag (subscriber, #31333) [Link]
Well guest accounts should not be allowed to have privileged actions.
This is easily configurable, but should be the defaults.
A 'guest account' is one that has no privileges and changes are wiped from
People's reaction to this is just stupid. Posted Nov 19, 2009 13:30 UTC (Thu) by drag (subscriber, #31333) [Link]
"""Sure, they can override them, but it's not always trivial. On my
machines, for example, they'd need to either get past the BIOS password to change the boot order, or physically open the machine up and change the boot disk. Both of which are possible, but not exactly trivial."""
It's a hell of a lot f-ing more trivial to do that then using package kit
"""You seem to be claiming that because local access gives you an attack
That would not make sense if that was what I was saying, but it is not what
People's reaction to this is just stupid. Posted Nov 19, 2009 20:53 UTC (Thu) by kilpatds (subscriber, #29339) [Link] drag wrote:It's a hell of a lot f-ing more trivial to do that then using package kit to install a service or application that runs as root and is locally exploitable. Really? It takes less time to reboot my laptop and crack the HD password (full disk encryption) that it does to install a new package and break it? Perhaps the disk encryption people should fix that...
People's reaction to this is just stupid. Posted Nov 19, 2009 23:02 UTC (Thu) by drag (subscriber, #31333) [Link]
What distro ships with encrypted drives as the default?
What computer ships with a bios password as a default?
If you take steps to secure your stuff then that does not enter into this
A configuration, btw, that is trivially easy to change.
People's reaction to this is just stupid. Posted Nov 20, 2009 1:10 UTC (Fri) by kilpatds (subscriber, #29339) [Link] drag wrote:What distro ships with encrypted drives as the default? FC11. At least it was so easy to do during the install it might as well have. So, I needed to know darn little to set that up. Certainly less than I need to know to turn this off.
|
|||||||||||||