People's reaction to this is just stupid.
Posted Nov 20, 2009 1:21 UTC (Fri) by drag
In reply to: People's reaction to this is just stupid.
Parent article: Fedora 12 lets unprivileged users install packages
Eliminating SUID by replacing it with controls buried in a windows-
registry like database isn't necessarily an improvement.
Not always, of course. But I think in the case of policykit and the other
*kits it is.
This is simply because it should be unnecessary to perform normal desktop
operations without resorting to running privileged code under a user's
account. These things eliminate that for common cases.
I don't think that sudo/su should be eliminated for everything. It should
be reserved as an administrative tool and users should only be required to
be prompted for the root password or run root code under their account in
special cases. I think that installing/updating software is
such a mundane and everyday event that invoking the root password or running
code as root is diminishing the security of the typical desktop scenario
when an alternative exists.
Now for managed desktops then that sort of activity should be forbidden,
which is easy enough to accomplish through packagekit/policykit.
(Also, I don't consider storing policy as XML files in directories to be
anything like the negative things the Windows registry does...)
I do think that having this default spread to _all_ user accounts by
default is a bad idea, though.