To be sure, I don't think it's the best idea. But practically? For
actual users running fedora? I doubt the change makes much difference
for many of them.
The reason I even brought this up is not because I like the idea, but
because I think it is a good opportunity to reflect on what user
permissions accomplish on a typical desktop machine. Consider where
your "secrets", whatever they may be, are kept and how you access them.
How many people are aware that any X program can listen to the
keystrokes of any other X program?
When you type your password into sudo, how do you know it's the real
sudo? How do you know you aren't running badsudo because you're
actually running badsh and it redirected your path?
On Nov 18, 2009, at 8:49 PM, Jacob Meuser <jake...@sdf.lonestar.org>
wrote:
On Wed, Nov 18, 2009 at 05:38:38PM -0800, Ted Unangst wrote:
Before everyone goes too bonkers, consider exactly how safe/dangerous
this behavior actually is on a single user machine.
but did they also by default restrict the system to 1 user?
it's not so much the idea that's laughable, but the way it was
implemented.
"What I contest is that to *undo* it you need to be an experienced
system admin that knows how to write policykit policies and where
to drop them.
I think we can count the number of people able to do that on the
tips of my fingers." - Simo Sorce, Software Engineer at Red Hat, Inc.
--
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
