On Mon, 2009-11-23 at 19:01 -0500, Gregory Maxwell wrote:
On Mon, Nov 23, 2009 at 6:43 PM, Jesse Keating jkeat...@j2solutions.net
wrote:
This is precisely the dialog that has been removed from F12 and is not
planned to be returned.
My understanding was that this was removed because
On Mon, 2009-11-23 at 22:32 +, Colin Walters wrote:
On Mon, Nov 23, 2009 at 10:02 PM, James Morris jmor...@namei.org wrote:
Possibly (it could simply be that an updated policy is weaker for some
reason) -- but it doesn't matter, there should be no way to change MAC
policy without
On Tue, 24 Nov 2009, James Antill wrote:
On Mon, 2009-11-23 at 22:32 +, Colin Walters wrote:
On Mon, Nov 23, 2009 at 10:02 PM, James Morris jmor...@namei.org wrote:
Possibly (it could simply be that an updated policy is weaker for some
reason) -- but it doesn't matter, there should be
On Tuesday, 24 November 2009 at 16:24, James Antill wrote:
On Mon, 2009-11-23 at 22:32 +, Colin Walters wrote:
On Mon, Nov 23, 2009 at 10:02 PM, James Morris jmor...@namei.org wrote:
Possibly (it could simply be that an updated policy is weaker for some
reason) -- but it doesn't
On Tue, 2009-11-24 at 10:27 -0500, Seth Vidal wrote:
On Tue, 24 Nov 2009, James Antill wrote:
On Mon, 2009-11-23 at 22:32 +, Colin Walters wrote:
On Mon, Nov 23, 2009 at 10:02 PM, James Morris jmor...@namei.org wrote:
Possibly (it could simply be that an updated policy is weaker
On 11/23/2009 07:01 PM, Gregory Maxwell wrote:
On Mon, Nov 23, 2009 at 6:43 PM, Jesse Keating jkeat...@j2solutions.net
wrote:
This is precisely the dialog that has been removed from F12 and is not
planned to be returned.
My understanding was that this was removed because collecting the
On Tue, 2009-11-24 at 14:22 -0500, Peter Jones wrote:
On 11/23/2009 07:01 PM, Gregory Maxwell wrote:
On Mon, Nov 23, 2009 at 6:43 PM, Jesse Keating jkeat...@j2solutions.net
wrote:
This is precisely the dialog that has been removed from F12 and is not
planned to be returned.
My
On 11/24/2009 03:49 PM, James Antill wrote:
On Tue, 2009-11-24 at 14:22 -0500, Peter Jones wrote:
That reason isn't /quite/ right. One big problem is that if you train a
user to input the root password over and over, what he learns is to type
the root password into a dialog box. The result
On Mon, 2009-11-23 at 18:32 -0500, Seth Vidal wrote:
On Mon, 23 Nov 2009, Colin Walters wrote:
On Mon, Nov 23, 2009 at 10:02 PM, James Morris jmor...@namei.org wrote:
Possibly (it could simply be that an updated policy is weaker for some
reason) -- but it doesn't matter, there
On Tue, 24 Nov 2009, Francis Earl wrote:
Would it be possible to do this similarly to Conary... only installing
the files (.so's and things in /etc and /usr/share/{icons,sounds,...}
etc) required by a given application (binary with .desktop file) ?
This would provide similar to package
Kevin Kofler kevin.kof...@chello.at writes:
I never tick those boxes. I'd like to know how to get rid of them
entirely.
Upgrade to F12 (with the latest PackageKit update), there's no such checkbox
in F12's PolicyKit.
This is good.
Also we should remember that user entering root password
James Morris (jmor...@namei.org) said:
MAC policy can be updated without administrative privilege, breaking our
MAC model in a fundamental way.
I'm fairly sure that's wrong as well. Installation of another policy
does not override the current one.
What about when the system is
On Mon, Nov 23, 2009 at 9:37 AM, Krzysztof Halasa k...@pm.waw.pl wrote:
Kevin Kofler kevin.kof...@chello.at writes:
I never tick those boxes. I'd like to know how to get rid of them
entirely.
Upgrade to F12 (with the latest PackageKit update), there's no such checkbox
in F12's PolicyKit.
On 11/23/2009 01:24 PM, Gregory Maxwell wrote:
I haven't tried the the fast user switching in fedora... Hopefully it is
using some kernel mode secure path to prevent users from stealing each others
credentials, if it isn't then one should be established for it. Why not use
the
same facility
Gregory Maxwell gmaxw...@gmail.com writes:
There are many kinds of security threat out there. For example, a few
dishonest
people within the fedora project could conspire to backdoor the heck out of
Fedora with a reasonable chance of not getting caught. Does this fact
mean that
we should
On Mon, 23 Nov 2009, Bill Nottingham wrote:
One scenario here is where the admin has made local modifications, which
are then discarded by an upgrade of the policy. It should not be
possible.
Your complaint appeared to be that someone could switch from
targeted to minimal (or
On Mon, Nov 23, 2009 at 10:02 PM, James Morris jmor...@namei.org wrote:
Possibly (it could simply be that an updated policy is weaker for some
reason) -- but it doesn't matter, there should be no way to change MAC
policy without MAC privilege.
It'd be nice here if we had the ability to only
On Mon, Nov 23, 2009 at 2:13 PM, Peter Jones pjo...@redhat.com wrote:
On 11/23/2009 01:24 PM, Gregory Maxwell wrote:
I haven't tried the the fast user switching in fedora... Hopefully it is
using some kernel mode secure path to prevent users from stealing each others
credentials, if it isn't
On Mon, 23 Nov 2009, Colin Walters wrote:
On Mon, Nov 23, 2009 at 10:02 PM, James Morris jmor...@namei.org wrote:
Possibly (it could simply be that an updated policy is weaker for some
reason) -- but it doesn't matter, there should be no way to change MAC
policy without MAC privilege.
On Mon, 2009-11-23 at 18:06 -0500, Gregory Maxwell wrote:
This isn't mutually exclusive with finer-grained elevations but would
allow finer grained
elevations to stay out of the default install: When additional
privileged is needed, the
system prompts you to authenticate via a secure prompt.
On Mon, Nov 23, 2009 at 6:43 PM, Jesse Keating jkeat...@j2solutions.net wrote:
This is precisely the dialog that has been removed from F12 and is not
planned to be returned.
My understanding was that this was removed because collecting the root password
during a user session is insecure because
On Sat, 21 Nov 2009, Matthew Garrett wrote:
worked without a password or login or anything. For the envisioned
'desktop' model is there a reason to have multiple users for the
default? Is there a reason to have anything but root?
Yes. There's a range of acts that root is able to perform
James Morris wrote:
On Fri, 20 Nov 2009, Matthew Garrett wrote:
I don't think I'd agree with that. The common case for F10 and F11 will
be for people to have installed a package once with the root password
and then ticked the Remember authentication box. At that point, we
have the same
On Fri, 2009-11-20 at 21:28 -0500, Jeff Garzik wrote:
On 11/20/2009 09:19 PM, James Morris wrote:
Are we moving toward a model where the user and the administrator are no
longer really separated? Things seem to be regressing according to
whatever use-case some desktop developer thinks is
On Thu, 19 Nov 2009, Conrad Meyer wrote:
I think it's fair to say that having this happen as root would generally
be worse than it happening as an unprivileged user. For the latter, the
attacker would need to also then succeed with a local privilege escalation
attack to the same effect.
On Fri, Nov 20, 2009 at 12:26 AM, Conrad Meyer ceme...@u.washington.edu wrote:
On the contrary. On the typical single user system, it's just as bad if an
attacker can steal / delete / modify the user's files as it is if the attacker
can modify / delete system files. Privilege escalation isn't
On Fri, Nov 20, 2009 at 04:09:15PM +1100, James Morris wrote:
Many users limit their use of the root account to essential system
maintenance, and run general purpose applications as a regular
unprivileged user.
I know basically nobody who, on a generally single user system,
explicitly
On Fri, Nov 20, 2009 at 9:34 AM, Matthew Garrett m...@redhat.com wrote:
On Fri, Nov 20, 2009 at 04:09:15PM +1100, James Morris wrote:
Many users limit their use of the root account to essential system
maintenance, and run general purpose applications as a regular
unprivileged user.
I
On Fri, Nov 20, 2009 at 09:38:43AM -0500, Fulko Hew wrote:
I do! And I tell everyone else too, so they learn/understand the
difference
between 'god' and a 'mere mortal user' (ie. root and anyone else).
Actually, thinking about it, even this isn't sufficient. An attacker
could
James Morris (jmor...@namei.org) said:
- The local session can now install any signed packages from the Fedora
repos:
- I think this includes old versions of packages (correct?)
Incorrect.
MAC policy can be updated without administrative privilege, breaking our
MAC model in a
On 11/20/2009 10:04 AM, Matthew Garrett wrote:
I know basically nobody who, on a generally single user system,
explicitly switches to a console to log in as root and perform package
installs there. If you're not doing that then the issue is basically
moot - a user-level compromise will become a
On Fri, 2009-11-20 at 11:50 -0430, Robert Marcano wrote:
On 11/20/2009 10:04 AM, Matthew Garrett wrote:
I know basically nobody who, on a generally single user system,
explicitly switches to a console to log in as root and perform package
installs there. If you're not doing that then the
On Fri, 20 Nov 2009, Owen Taylor wrote:
On Fri, 2009-11-20 at 11:50 -0430, Robert Marcano wrote:
On 11/20/2009 10:04 AM, Matthew Garrett wrote:
I know basically nobody who, on a generally single user system,
explicitly switches to a console to log in as root and perform package
installs
On Fri, 20 Nov 2009, Frank Ch. Eigler wrote:
otaylor wrote:
This actually is one of the big advantages of PackageKit - because the
installation is being done by a daemon rather than a process running in
your session, if the X session dies during package installation, you
won't be left with
On Fri, 20 Nov 2009, Matthew Garrett wrote:
I know basically nobody who, on a generally single user system,
explicitly switches to a console to log in as root and perform package
installs there.
This is how I started doing things in 1993, although I changed to sudo a
few years back.
-
On Fri, 20 Nov 2009, Bill Nottingham wrote:
MAC policy can be updated without administrative privilege, breaking our
MAC model in a fundamental way.
I'm fairly sure that's wrong as well. Installation of another policy
does not override the current one.
What about when the system is
I wanted to provide an update to the list on the current thinking about
the PackageKit policy issue from the perspective of the people working
on the core desktop packages and on the desktop user experience.
There was informal meeting earlier today with Richard Hughes, and
myself, and a couple of
On 11/19/2009 09:29 PM, Owen Taylor wrote:
Executive summary
=
We'll make an update to the F12 PackageKit, so that the root password is
required to install packages.
Thank you for the followup and attack plan.
I also look forward to a policy configuration tool in
On Thu, 19 Nov 2009, Owen Taylor wrote:
Among the decisions Richard made was allowing all users to install
signed packages from the Fedora repositories. This was clearly the right
behavior for the common case of a single-user system, where the only
user is also the administrator.
I don't
On Thursday 19 November 2009 09:09:15 pm James Morris wrote:
On Thu, 19 Nov 2009, Owen Taylor wrote:
Among the decisions Richard made was allowing all users to install
signed packages from the Fedora repositories. This was clearly the right
behavior for the common case of a single-user
Thank you greatly for the well worded and well thought out response/update
on the situation. In a thread of what was essentially a flame war, it is
nice to see something constructive and meaningful emerge from the ashes.
-Adam (From Android - CM)
On Nov 19, 2009 8:30 PM, Owen Taylor
41 matches
Mail list logo