Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fedora 12 Lets Users Install Signed Packages, Sans Root Privileges

Posted by timothy on Wednesday November 18, 2009 @09:30AM from the try-it-you-might-like-it dept.

eqisow writes "The new default policy for Fedora 12 allows local, unprivileged users to install signed packages without root access. This change apparently went mostly unnoticed until after the Fedora 12 GA release, at which point it sparked a mailing list thread that is, as of this writing, over 100 posts long."

1 of 502 comments (clear)

Min score:

Reason:

Sort:

Re:This makes sense by fluch · 2009-11-18 09:48 · Score: 5, Informative

No, it does NOT make sense. It creates a new security risk: If some malicious software (runing under with normal user privileges) notices that a hackable software is missing on the computer (one which has a known security vulnerability to gain root access) it can now install this package without problem and gain root access later on.
A sudo approach like done in Ubuntu is much better.