LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

People's reaction to this is just stupid.

People's reaction to this is just stupid.

Posted Nov 19, 2009 13:30 UTC (Thu) by drag (subscriber, #31333)
In reply to: People's reaction to this is just stupid. by Tet
Parent article: Fedora 12 lets unprivileged users install packages

"""Sure, they can override them, but it's not always trivial. On my
machines, for example, they'd need to either get past the BIOS password to
change the boot order, or physically open the machine up and change the
boot disk. Both of which are possible, but not exactly trivial."""

It's a hell of a lot f-ing more trivial to do that then using package kit
to install a service or application that runs as root and is locally
exploitable.

"""You seem to be claiming that because local access gives you an attack
vector, it's fine to drop any additional security that might have been in
place. That doesn't make sense to me."""

That would not make sense if that was what I was saying, but it is not what
I am saying.

(Log in to post comments)

People's reaction to this is just stupid.

Posted Nov 19, 2009 20:53 UTC (Thu) by kilpatds (subscriber, #29339) [Link]

drag wrote:
It's a hell of a lot f-ing more trivial to do that then using package kit to install a service or application that runs as root and is locally exploitable.

Really? It takes less time to reboot my laptop and crack the HD password (full disk encryption) that it does to install a new package and break it?

Perhaps the disk encryption people should fix that...

People's reaction to this is just stupid.

Posted Nov 19, 2009 23:02 UTC (Thu) by drag (subscriber, #31333) [Link]

What distro ships with encrypted drives as the default?

What computer ships with a bios password as a default?

If you take steps to secure your stuff then that does not enter into this
discussion really. People are pissed off about the default configuration and
that is what I am talking about.

A configuration, btw, that is trivially easy to change.

People's reaction to this is just stupid.

Posted Nov 20, 2009 1:10 UTC (Fri) by kilpatds (subscriber, #29339) [Link]

drag wrote:
What distro ships with encrypted drives as the default?

FC11. At least it was so easy to do during the install it might as well have. So, I needed to know darn little to set that up. Certainly less than I need to know to turn this off.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds