| Thread ID: 105100 | 2009-11-19 06:54:00 | Fedora 12 Lets Users Install Signed Packages, Sans Root Privileges | Erayd (23) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 831538 | 2009-11-19 06:54:00 | Yikes! (linux.slashdot.org) Not much else to say really - I for one think this is an incredibly stupid decision by the Fedora devs. | Erayd (23) | ||
| 831539 | 2009-11-19 08:37:00 | So why would the devs do that Erayd? If it wasn't an oversight, I can't think of a single compelling reason? | nofam (9009) | ||
| 831540 | 2009-11-19 08:39:00 | Let's hope the writers patch the problem - getting like MS with patches all the time - one interesting post from the link hits it on the head. > Another way to think about it - you are now vulnerable to local root exploits not only in packages you installed, but also in packages you chose not to install. DING! You nailed it. The attack surface has been expanded to include every package in every enabled repo. Find a local root exploit in any one of them and you get the machine. This is totally stupid. It makes the assumption that every user is an admin, which was exactly the idiocy we have, rightly, laughed at Microsoft for years over. Microsoft has been working at correcting that mistake while we have been adopting it. And it isn't just Fedora, this apparently came from upstream at PackageKit so unless this gets nipped in the bud it will spread to everyone else. The root of the problem is that decisions that impact security are being made by marketing people more concerned with the 'year of the Linux desktop'. And again, wasn't this exactly what we slagged Microsoft over in the past? As Linux nears readiness for mass consumption we find ourselves making exactly the same mistakes for exactly the same reasons. We are tossing decades of hard-won security knowledge onto the altar of user friendliness. We didn't learn anything. We are doomed. :rolleyes: | wainuitech (129) | ||
| 831541 | 2009-11-19 08:48:00 | DANG! The freebles have hit the wurtzle with a vengeance. What were they smoking? | R2x1 (4628) | ||
| 831542 | 2009-11-19 09:03:00 | How bizarre, I almost had to look to make sure it wasn't April 1st. :groan: | KarameaDave (15222) | ||
| 831543 | 2009-11-19 09:57:00 | "So why would the devs do that Erayd? If it wasn't an oversight, I can't think of a single compelling reason?" Oh this wasn't oversight - it was definitely deliberate. I believe they did it to make life slightly easier for Joe Bloggs, the clueless Windows user. What they didn't do was stop for a second and think about the real ramifications of that decision, and how incredibly stupid that decision was. | Erayd (23) | ||