|
|
Subscribe / Log in / New account

Fedora 12 lets unprivileged users install packages

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 6:44 UTC (Thu) by dlang (guest, #313)
In reply to: Fedora 12 lets unprivileged users install packages by gdt
Parent article: Fedora 12 lets unprivileged users install packages

forget the issue of installing packages with the latest zero-day exploits in them

just install packages that grant addtional access to the system by design!

there are a LOT of packages out there that are extremely useful under some conditions, but under other conditions (and frequently with default configs) open up your system

to post comments

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 9:48 UTC (Thu) by epa (subscriber, #39769) [Link] (4 responses)

there are a LOT of packages out there that are extremely useful under some conditions, but under other conditions (and frequently with default configs) open up your system
Yes... clearly the philosophy of 'let the user install standard packages' is at odds with the philosophy 'do not install a daemon unless you intend to run it'. If the user has rights to install httpd, then the default must be not to start it.

However, that does seem to be the case in modern Fedora: server packages are installed not-starting by default and you must use chkconfig(1) or some other means to enable them.

Apart from servers that start by default or suid binaries, in principle there is no package that can open up the system, since the user could always compile and run the code himself.

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 11:54 UTC (Thu) by drag (guest, #31333) [Link] (3 responses)

> Yes... clearly the philosophy of 'let the user install standard packages'
> is at odds with the philosophy 'do not install a daemon unless you intend
> to run it'. If the user has rights to install httpd, then the default must
> be not to start it.

Not really.

Running updates and installing new versions of existing packages is a
critical action required to keep your system secure.

This should be as easy and convenient as possible.

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 16:50 UTC (Thu) by cry_regarder (subscriber, #50545) [Link] (2 responses)

Right...update packages. Great. So when I am working online and have my 75 tabs open and do a user switch, I want that user to decide that NOW is the time to update the packages.

Firefox can't deal with being updated (it WILL crash or start behaving erratically forcing a restart). How about when PackageKit suggests that the system be rebooted? Will that user have the permissions to reboot my system?

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 16:52 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link] (1 responses)

User has permission to reboot the system in practically any distribution. PackageKit wouldn't have a problem with that.

Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 16:58 UTC (Thu) by cry_regarder (subscriber, #50545) [Link]

Sorry. It's not the permission to reboot. The power plug gives them that. It is the dialogue box that pops up telling/suggesting them to reboot.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds