Slashdot Mirror


Fedora 12 Lets Users Install Signed Packages, Sans Root Privileges

eqisow writes "The new default policy for Fedora 12 allows local, unprivileged users to install signed packages without root access. This change apparently went mostly unnoticed until after the Fedora 12 GA release, at which point it sparked a mailing list thread that is, as of this writing, over 100 posts long."

3 of 502 comments (clear)

  1. It's obvious by Hognoxious · · Score: 0, Troll

    They're just trying to make it more like Windows.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    1. Re:It's obvious by Anonymous Coward · · Score: -1, Troll

      I agree.. reading the thread, one of the people who implemented this said (paraphrasing) "I don't care about the way *nix has "always worked" - users want it this way."

      That sounds pretty much like the Windows approach to me. "Screw security, this will be easier!"

  2. Re:Denial of service attack? by Simon+(S2) · · Score: 1, Troll

    Besides the obvious problems with this that I've already seen posted here...

    Couldn't a user install everything from an approved repo and crash the machine by filling up all the disk space? Seems like an attack vector for denial of service attacks.

    Sure. But since we are talking about local users that have physical access to the box anyway, why should they DoS it by installing packages? They could just throw it from the 11th floor.

    --
    I just don't trust anything that bleeds for five days and doesn't die.