Sure, if by "people concerned about security", you mean, "people who have kneejerk reactions with no analysis whatsoever".
Compare/contrast with a theoretical Microsoft action is neither analysis nor valid argument. Reading this thread, I'm surprised at the amount of misinformation floating around from *LWN readers*, of all people.
People who have untrusted users can use the locked-down guest account for those users. People who fall outside of normal use case scenarios can easily just change the default to disallow this. Generally anybody who is locking their system down anyways can just add this to the list (or have this as a standard switch that gets de-activated in kiosk mode.)
Personally, after setting up several machines for people who fall under the more general Fedora-targeted use-cases, this provides a much better user experience. I'd rather let my wife and mother-in-law install their own software without having to give them complete sudo/root access.
Posted Nov 19, 2009 20:45 UTC (Thu) by jgarzik (subscriber, #8364)
It is no theoretical argument to say that secured, multi-user workstations running F11 will upgrade into insecurity, when moving up for F12.
You must (a) be aware of the new F12 PackageKit policy and (b) remove PackageKit after upgrade to avoid this major security hole [from the PoV of a multi-user admin].
How many classrooms, laptops, workstations will even be aware of this, given that this is not mentioned in F12-gold release notes at all?
Posted Nov 19, 2009 21:19 UTC (Thu) by dskoll (subscriber, #1630)
> Sure, if by "people concerned about security", you mean, "people who have kneejerk reactions with no analysis whatsoever".
*sigh*. I'm not surprised the state of computer security is such a mess. This will come back to bite Fedora, mark my words. "Improving the User Experience" is often (unfortunately) a code phrase for "Security is inconvenient, so let's reduce security."
It's a basic tenet of computer security to reduce your risk by not installing unnecessary software. That's such an obvious best-practice that I'm stunned the Fedora team can't understand the reaction this change is getting.
> I'd rather let my wife and mother-in-law install their own software without having to give them complete sudo/root access.
Wow. That's completely opposite to what I do; I would never trust my wife, kids or parents to install software, let alone have any kind of sudo/root access. I manage the machines for them.
The average Windows machine has been designed for an "Improved User Experience" and lets unsophisticated users install software, etc. The average Windows machine is also a cesspool of adware, spyware, trojans and viruses. I'm not implying that the latest Fedora change is that bad, but it's certainly a step in the wrong direction.