Wolfgang Bornath skrev 8.2.2012 18:01:
Apart from the understandable quest to make it easy on the unwashed
masses - it is still a security break - see what I have written about
the ability of xguest to do updates (while xguest was invented to
leave the system without garbage or damage at the end of his/her
session).
It's not a _security_ risk.
It's a user with _root_ privilegies that have added the medias, so if a
unsafe media has been added, blame _root_.
Otherwise they just allow to update from media that _root_ allows to use.
But yes, I think we should disable MageiaUpdate for xguest.
(and stop enabling xguest by default...)
--
Thomas
