|Subject:||Re: Local users get to play root?|
|Date:||Wed, 18 Nov 2009 15:27:09 -0500 EST|
2009/11/18 nodata <lsof@xxxxxxxxxxxx>:Am 2009-11-18 20:20, schrieb Richard Hughes:2009/11/18 Casey Dahlin<cdahlin@xxxxxxxxxx>:By the admin's first opportunity to change the settings the box could already be rooted.I'm not sure how you can root a computer from installing signed content by a user that already has physical access to the machine.You install software with a known buffer overflow before it is fixed and exploit it. More software = more chances to exploit. Bingo!If a user logged in from a physical local console wanted to exploit their machine, this would be the hard way to do it.
So here is what I've just gotten from talking to Ray Strode and reading docs.
if you want to disable this just run: pklalockdown --lockdown org.freedesktop.packagekit.package-install that will keep anyone from installing pkgs w/o authenticating as admin. That's the short version. the long version I'm working on writing up right now. -sv -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
|<Prev in Thread]||Current Thread||[Next in Thread>|
|Previous by Date:||Re: Local users get to play root?, nodata|
|Next by Date:||Re: Local users get to play root?, Chris Adams|
|Previous by Thread:||Re: Local users get to play root?, Jesse Keating|
|Next by Thread:||Re: Local users get to play root?, nodata|
|Indexes:||[Date] [Thread] [Top] [All Lists]|