[Mageia-discuss] A possible risk ?
Thomas Backlund
tmb at mageia.org
Thu Feb 9 09:11:48 CET 2012
Wolfgang Bornath skrev 8.2.2012 18:01:
> Apart from the understandable quest to make it easy on the unwashed
> masses - it is still a security break - see what I have written about
> the ability of xguest to do updates (while xguest was invented to
> leave the system without garbage or damage at the end of his/her
> session).
It's not a _security_ risk.
It's a user with _root_ privilegies that have added the medias, so if a
unsafe media has been added, blame _root_.
Otherwise they just allow to update from media that _root_ allows to use.
But yes, I think we should disable MageiaUpdate for xguest.
(and stop enabling xguest by default...)
--
Thomas
More information about the Mageia-discuss
mailing list