Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fedora 12 Lets Users Install Signed Packages, Sans Root Privileges

Posted by timothy on Wednesday November 18, 2009 @09:30AM from the try-it-you-might-like-it dept.

eqisow writes "The new default policy for Fedora 12 allows local, unprivileged users to install signed packages without root access. This change apparently went mostly unnoticed until after the Fedora 12 GA release, at which point it sparked a mailing list thread that is, as of this writing, over 100 posts long."

1 of 502 comments (clear)

Min score:

Reason:

Sort:

Potential worm exploit by crow · 2009-11-18 09:48 · Score: 5, Interesting

Suppose someone wrote a worm that could get access to the system as a user. Then all they need is to find a signed package with a privilege-escalation bug, and whether it's installed or not, the malware could exploit it, gaining root access.
But apart from that, I can see where this would be nice from a single-user system standpoint.