Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 6:32 UTC (Thu) by gdt (subscriber, #6284)
Parent article: Fedora 12 lets unprivileged users install packages

Oh dear. The new default is wrong. Consoles used to be in a secure location, but workstations started to make that unlikely, and laptops make the idea that the console is more secure than the network totally untenable. If you think about a school, the student is likely to be on the console and the administrator more likely to be accessing the machine across the network.

One of the great advances in security in the past decade has been the wide acceptance that software systems should be secure by default, which this suggestion isn't. It allows an untrusted user on a console (i.e., a student in a computer lab) to easily take advantage of the next local exploit by installing the deficient software before a patch is available from the mirror (and given that Fedora's mirroring really sucks at the moment, that could be days even for a 0-day fix). The idea that the software should be shipped insecurely for computer lab use, and then the default altered by the sysadmin, is exactly the sort of thinking which leads to 500-page "deployment manuals" of the type hated by administrators everywhere, and rather reminiscent of the 'sacrifice security for usability' ethos of a major vendor whose deep security issues cost its users billions per year.

Fedora have confused the notions of "trusted to configure hardware because they hold that hardware" and "trusted to administer the machine". The first can be checked by seeing if they have physical access to the machine (i.e., are logged into the console). The second is a list of user names, typically membership of 'wheel'.

If this means that only system administrators can automagically install codecs and fonts, well, so be it. In the common case of a laptop being used by its owner, you're only inconveniencing them by asking them to authenticate.
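Policy fragment, added here as an illustration of the distinction gdt draws (it is not part of the comment and not Fedora's shipped configuration). PackageKit on Fedora 12 asks polkit whether the calling session may perform the package-install action, and polkit's local authority decides from the session state (active/inactive/remote) and the caller's identity. The action id org.freedesktop.packagekit.package-install, the .pkla path and the ResultAny/ResultInactive/ResultActive keys are as I recall them from polkit 0.9x; treat them as assumptions and check them against the PackageKit and polkit versions actually installed.

```ini
# /etc/polkit-1/localauthority/50-local.d/10-package-install.pkla
# (assumed path; the local authority reads files in lexical order and a later
# stanza overrides an earlier one for the same action and identity)

# The weak setting, expressing what the contested Fedora 12 default amounts
# to: anyone whose session is *active on the console* may install signed
# packages from the configured repositories with no password. Console
# presence is being used as a proxy for "trusted to administer". Kept
# commented out for comparison only; do not ship this.
#[Weak: holding the console implies trust to install]
#Identity=unix-user:*
#Action=org.freedesktop.packagekit.package-install
#ResultAny=no
#ResultInactive=no
#ResultActive=yes

# Corrected: holding the console only proves physical access. Installing
# software requires an administrator's authentication regardless of where
# the session is; remote and inactive sessions are refused outright.
# Which accounts count as administrators comes from polkit's AdminIdentities
# setting (assumption: set it to unix-group:wheel if 'wheel' is the list of
# administrators, as the comment above suggests).
[Package install requires an administrator]
Identity=unix-user:*
Action=org.freedesktop.packagekit.package-install
ResultAny=no
ResultInactive=no
ResultActive=auth_admin
```

The practical check after dropping this file in is to log in as a non-wheel user at the console, try to install a package through the PackageKit front end, and confirm that an administrator password prompt appears rather than a silent install; `pkcheck` can be used for the same query from a shell if it is available on the system.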


Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 6:44 UTC (Thu) by dlang (guest, #313)

forget the issue of installing packages with the latest zero-day exploits in them

just install packages that grant additional access to the system by design!

there are a LOT of packages out there that are extremely useful under some conditions, but under other conditions (and frequently with default configs) open up your system

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 9:48 UTC (Thu) by epa (subscriber, #39769)

> there are a LOT of packages out there that are extremely useful under some conditions, but under other conditions (and frequently with default configs) open up your system

Yes... clearly the philosophy of 'let the user install standard packages' is at odds with the philosophy 'do not install a daemon unless you intend to run it'. If the user has rights to install httpd, then the default must be not to start it.

However, that does seem to be the case in modern Fedora: server packages are installed not-starting by default and you must use chkconfig(1) or some other means to enable them.

Apart from servers that start by default or suid binaries, in principle there is no package that can open up the system, since the user could always compile and run the code himself.
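A check for exactly the two exceptions epa names, added here as an illustration (it is not from the thread and not Fedora tooling). The function reads the output of `rpm -q --dump PKG`, whose line format is path, size, mtime, digest, octal mode, owner, group, isconfig, isdoc, rdev, symlink, and flags setuid/setgid files (the mode's special-permission digit) and SysV init scripts under /etc/rc.d/init.d (the ones chkconfig would enable). The listing embedded below is constructed for the example; against a real system run `rpm -q --dump httpd | audit_dump`.

```shell
#!/bin/sh
# Added example: audit an rpm "--dump" listing for the things that can open
# up a system when a package is installed: setuid/setgid files and SysV init
# scripts. Real use:  rpm -q --dump httpd | audit_dump
# Dump line: path size mtime digest mode owner group isconfig isdoc rdev symlink
# (paths containing spaces are not handled; rpm --dump does not quote them)

audit_dump() {
    found=0
    while read -r path size mtime digest mode owner group rest; do
        [ -n "$mode" ] || continue          # skip blank or short lines
        perm=${mode#"${mode%????}"}         # last four octal digits: 0104510 -> 4510
        special=${perm%???}                 # leading digit: 4=setuid 2=setgid 1=sticky
        case "$special" in
            4|5|6|7) echo "SETUID     $path (owner $owner, mode $mode)"; found=1 ;;
            2|3)     echo "SETGID     $path (group $group, mode $mode)"; found=1 ;;
        esac
        case "$path" in
            /etc/rc.d/init.d/*|/etc/init.d/*)
                echo "INITSCRIPT $path (runs as a service after: chkconfig ${path##*/} on)"
                found=1 ;;
        esac
    done
    return "$found"     # 0 = nothing to review, 1 = review before allowing installs
}

# Constructed sample in rpm --dump format (not real package metadata).
SAMPLE_DUMP='/usr/sbin/httpd 354976 1257000000 0123456789abcdef0123456789abcdef 0100755 root root 0 0 0 X
/etc/rc.d/init.d/httpd 3345 1257000000 fedcba9876543210fedcba9876543210 0100755 root root 1 0 0 X
/usr/sbin/suexec 14568 1257000000 00112233445566778899aabbccddeeff 0104510 root apache 0 0 0 X
/etc/httpd/conf/httpd.conf 34417 1257000000 ffeeddccbbaa99887766554433221100 0100644 root root 1 0 0 X
/var/www/html 4096 1257000000 00000000000000000000000000000000 040755 root root 0 0 0 X'

printf '%s\n' "$SAMPLE_DUMP" | audit_dump \
    || echo "review needed: package adds a privileged binary or a service"
```

The mode test works on the octal string itself rather than converting it, so it is plain POSIX sh with no awk or sed; directories and ordinary files (040755, 0100644) have a 0 in the special-permission position and pass, while 0104510 trips the setuid case. A package whose dump comes out clean is, by epa's argument, nothing the user could not have built and run themselves anyway.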

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 11:54 UTC (Thu) by drag (guest, #31333)

> Yes... clearly the philosophy of 'let the user install standard packages'
> is at odds with the philosophy 'do not install a daemon unless you intend
> to run it'. If the user has rights to install httpd, then the default must
> be not to start it.

Not really.

Running updates and installing new versions of existing packages is a critical action required to keep your system secure.

This should be as easy and convenient as possible.

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 16:50 UTC (Thu) by cry_regarder (subscriber, #50545)

Right... update packages. Great. So when I am working online and have my 75 tabs open and do a user switch, I want that user to decide that NOW is the time to update the packages.

Firefox can't deal with being updated (it WILL crash or start behaving erratically forcing a restart). How about when PackageKit suggests that the system be rebooted? Will that user have the permissions to reboot my system?

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 16:52 UTC (Thu) by rahulsundaram (subscriber, #21946)

User has permission to reboot the system in practically any distribution. PackageKit wouldn't have a problem with that.

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 16:58 UTC (Thu) by cry_regarder (subscriber, #50545)

Sorry. It's not the permission to reboot. The power plug gives them that. It is the dialogue box that pops up telling/suggesting them to reboot.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds