The mean number of lines of installation scripting for packages installed on my F11 system: 2
The median and mode: 0
By far the most common install script: ldconfig
There are only tens of packages out there with more than a dozen lines of install scripting (i.e., easily auditable). The packaging guidelines discourage complicated install scripting.
I have not audited all the packages out there, but the thought that there are thousands of packages out there with potentially vulnerable install scripting is unfounded in reality.
Posted Nov 19, 2009 19:55 UTC (Thu) by dskoll (subscriber, #1630)
OK, fine. If you think it's OK to increase the attack surface from a few hundred packages you want installed on your Fedora system to every single signed package in Fedora, then I guess the change makes sense.
For people who are concerned about security, it makes no sense at all.
As a thought experiment, consider how the Fedora community would have reacted had Microsoft made a similar move. They'd have scoffed at its incredible lameness.
Posted Nov 19, 2009 20:36 UTC (Thu) by mebrown (subscriber, #7960)
Sure, if by "people concerned about security", you mean, "people who have kneejerk reactions with no analysis whatsoever".
Comparing/contrasting with a theoretical Microsoft action is neither analysis nor a valid argument. Reading this thread, I'm surprised at the amount of misinformation floating around from *lwn readers*, of all people.
People who have untrusted users can use the locked-down guest account for those users. People who fall outside of normal use case scenarios can easily just change the default to disallow this. Generally anybody who is locking their system down anyway can just add this to the list (or have this as a standard switch that gets de-activated in kiosk mode).
Personally, after setting up several machines for people who fall under the more general Fedora-targeted use-cases, this provides a much better user experience. I'd rather let my wife and mother-in-law install their own software without having to give them complete sudo/root access.
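The "change the default to disallow this" step mentioned above is a PolicyKit local-authority rule. The script below is an added example, not code from the thread or from Fedora: it constructs a permissive rule of the kind the comment describes beside a hardened override that demands admin authentication, and includes a small audit function an administrator can run over a .pkla directory after an upgrade to see whether any rule still lets every active user install packages without authenticating. It assumes polkit-1's local-authority backend (INI-style .pkla files, as used by Fedora 12) and PackageKit's action id org.freedesktop.packagekit.package.install; the section titles and file names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the LWN thread or Fedora): audit polkit-1
# local-authority .pkla rules for PackageKit install grants, and show the
# hardened override beside the permissive rule.
# Assumptions: .pkla INI format of polkit-1's local authority; PackageKit
# action id org.freedesktop.packagekit.package.install. File and section
# names below are constructed.

# audit_pkla DIR
#   Prints "file:[section]" for every rule section that grants
#   org.freedesktop.packagekit.package.install (or a packagekit.* wildcard)
#   to unix-user:* with ResultActive=yes or auth_self (i.e. without an
#   administrator's password). Returns 0 if nothing was flagged, 1 otherwise.
audit_pkla() {
    out=$(
        for f in "$1"/*.pkla; do
            [ -f "$f" ] || continue
            awk -v file="$f" '
                # Emit the previous section if all three conditions held.
                function flush() {
                    if (sec != "" && anyuser && inst && open) print file ":" sec
                    sec = ""; anyuser = 0; inst = 0; open = 0
                }
                /^\[/               { flush(); sec = $0; next }
                /^Identity=/        { if ($0 ~ /unix-user:\*/) anyuser = 1 }
                /^Action=/          { if ($0 ~ /org\.freedesktop\.packagekit\.(package\.install|\*)/) inst = 1 }
                /^ResultActive=(yes|auth_self)/ { open = 1 }
                END                 { flush() }
            ' "$f"
        done
    )
    [ -n "$out" ] && printf '%s\n' "$out"
    [ -z "$out" ]
}

# Constructed fixtures: one directory with a permissive vendor-style rule,
# one with the override an administrator would drop into
# /etc/polkit-1/localauthority/50-local.d/ (path as documented by polkit).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
WEAK_DIR=$WORK/weak
HARD_DIR=$WORK/hardened
mkdir -p "$WEAK_DIR" "$HARD_DIR"

cat > "$WEAK_DIR/10-vendor-packagekit.pkla" <<'EOF'
[Allow users to install signed packages without authentication]
Identity=unix-user:*
Action=org.freedesktop.packagekit.package.install
ResultAny=no
ResultInactive=no
ResultActive=yes

[Allow users to refresh package sources]
Identity=unix-user:*
Action=org.freedesktop.packagekit.system-sources-refresh
ResultAny=no
ResultInactive=no
ResultActive=yes
EOF

cat > "$HARD_DIR/50-local-packagekit.pkla" <<'EOF'
[Require admin authentication to install packages]
Identity=unix-user:*
Action=org.freedesktop.packagekit.package.install
ResultAny=no
ResultInactive=no
ResultActive=auth_admin
EOF

# Stand-alone demonstration: the weak directory is flagged, the hardened
# one is clean.
for d in "$WEAK_DIR" "$HARD_DIR"; do
    if audit_pkla "$d"; then
        echo "clean: $d"
    else
        echo "FLAGGED: $d"
    fi
done
```

Only the install grant is reported; the source-refresh rule in the same file is left alone, so the check is specific to the privilege the thread is arguing about. On a real system the local authority merges every directory under /etc/polkit-1/localauthority and /var/lib/polkit-1/localauthority in priority order, so run the audit over each of them rather than a single directory.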
Posted Nov 19, 2009 20:45 UTC (Thu) by jgarzik (subscriber, #8364)
It is no theoretical argument to say that secured, multi-user workstations running F11 will upgrade into insecurity when moving up to F12.
You must (a) be aware of the new F12 PackageKit policy and (b) remove PackageKit after upgrade to avoid this major security hole [from the PoV of a multi-user admin].
How many classrooms, laptops, workstations will even be aware of this, given that this is not mentioned in F12-gold release notes at all?
Posted Nov 19, 2009 21:19 UTC (Thu) by dskoll (subscriber, #1630)
> Sure, if by "people concerned about security", you mean, "people who have kneejerk reactions with no analysis whatsoever".
*sigh*. I'm not surprised the state of computer security is such a mess. This will come back to bite Fedora, mark my words. "Improving the User Experience" is often (unfortunately) a code phrase for "Security is inconvenient, so let's reduce security."
It's a basic tenet of computer security to reduce your risk by not installing unnecessary software. That's such an obvious best-practice that I'm stunned the Fedora team can't understand the reaction this change is getting.
> I'd rather let my wife and mother-in-law install their own software without having to give them complete sudo/root access.
Wow. That's completely opposite to what I do; I would never trust my wife, kids or parents to install software, let alone have any kind of sudo/root access. I manage the machines for them.
The average Windows machine has been designed for an "Improved User Experience" and lets unsophisticated users install software, etc. The average Windows machine is also a cesspool of adware, spyware, trojans and viruses. I'm not implying that the latest Fedora change is that bad, but it's certainly a step in the wrong direction.