People's reaction to this is just stupid.
Posted Nov 19, 2009 13:40 UTC (Thu) by drag
In reply to: People's reaction to this is just stupid.
Parent article: Fedora 12 lets unprivileged users install packages
"""The local users discussed here are the completely random "people" who
you should assume are roaming around on your system, and who can now
trigger something that previously required root privileges."""
If you leave your system unlocked and let random strangers have physical
access to it then you have bigger issues then packagekit.
"""Yes, this is then only one of many bad things, and not even the worst
thing, that can happen to you. That's no reason to allow everyone and his
dog to install software on your system."""
Only people that are logged in locally have this ability.
And it's easily configurable.
"""Yes, there are many things wrong with the superuser security model. But
clearly the solution is not to bypass this model."""
Yes it is. Giving users the ability to run code with root privileges under
their account is clearly undesirable and any system that allows you to
avoid this is desirable.
"""At least not until you have solved the problem that package management
might actually require root privileges (reboot, device configuration,
The goal of all of this is to make a Desktop-oriented operating system were
normal user activity can be carried out in a safe and secure manner in a
Device configuration on Fedora is carried out without user intervention as
much as is possible.
Rebooting can be done by a local account without invoking sudo or su and is
I don't know what 'etc' is going to cover, but I bet that Fedora also has
that taken care of.
Updating and installing software is a everyday mundane event. Especially
when it comes to performing system updates it's very very desirable to have
this happen with as little barriers as possible. Having insecure older
versions of software running on a Linux desktop when more secure newer
versions are available is a serious threat to the security of the average
""" and you have solved the rather obvious security problem of running
software that may not have been installed by you or someone you trust.'""
If you let unknown or untrusted people log in with your credientials on
your system and/or let them have full physical and unmonitored access (all
of which is necessary in Fedora 12 to install software without your
knowledge) to your systems you have much bigger issues then worrying about
somebody installing software that may run as root with a local root
to post comments)