People's reaction to this is just stupid.
Posted Nov 19, 2009 17:15 UTC (Thu) by drag
In reply to: People's reaction to this is just stupid.
Parent article: Fedora 12 lets unprivileged users install packages
Malicious local users are rarer than users that can be tricked into
subverting the security of the system unintentionally; a more likely threat
is from a web page or email message that claims to give users something
they want (a game, a faster computer, whatever), if they follow certain
This policy change only allows them to install signed packages from
Fedora's repositories. It won't allow them to download a random rpm
package or anything like that and allow them to install it. They would have
to gain root privileges in order to do that even with Fedora 12's policy
(on a side note: they can install and execute any program on any system
without root privileges as long as they install it to their home directory
regardless of anything to do with anything. So this is something that Linux
will have to improve on..)
So for your hack to work the attacker would have to trick Fedora into
signing and adding their malicious software to their repository first, then
trick the user to installing it through packagekit. This is certainly
within the realm of possibility, but it's already a real threat prior to
F12 and for other distros.
Regardless of the mechanism your using to allow users to install software
(sudo, su, etc) they will know how to do it if they know how to use their
desktop, right? After all installing software is a normal event. So a
attacker using social engineering to run a script using 'sudo' or adding a
password to a rpm is not really a sufficient barrier from social
engineering being effective.
Whats worse is that if you condition the user to continuously give up their
user or root password for lots and lots of different reasons then they will
quickly assume that this is the normal state of affairs and simply ignore
the security implications of giving out the password in the future, and be
conditioned to using shitty passwords since long passwords are a huge PITA.
See what happens with Window's UAC when it prompts passwords for every
little thing, or the type of things that people tell other people to do in
Ubuntu's forums. Once it becomes a normal sight then it loses it's
to post comments)