Am 30.03.2018 um 04:36 schrieb Christoph Anton Mitterer: > The reasons seems to be that udisks' default policy allows any "local" > users pretty vast access (powering off, editing/deleting partitions, > etc.) on devices it doesn't consider to be system devices. > > No idea how it decides what a system disk is, but anything connected > via USB doesn't seem to be. > > This alone is IMO a grave security hole, but getting it fixed is > probably fighting windmills, as there seem to be a clear direction > towards the simple-desktop-system model, i.e. one user, computer anyway > fully physically accessible to any user sitting in front of it.
Fwiw, I don't agree here. A computer should be usable by default. We have a conservative, but usable default policy in Debian, imho. If a computer is not usable, users will start to employ hacks and workarounds, which would be worse. For a specialized lab setup you are indeed encouraged to setup you own policies and lock down stuff further. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pkg-utopia-maintainers mailing list Pkg-utopia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-utopia-maintainers