[Mageia-discuss] A possible risk ?

Thomas Backlund tmb at mageia.org
Thu Feb 9 09:11:48 CET 2012

Wolfgang Bornath skrev 8.2.2012 18:01:

> Apart from the understandable quest to make it easy on the unwashed
> masses - it is still a security break - see what I have written about
> the ability of xguest to do updates (while xguest was invented to
> leave the system without garbage or damage at the end of his/her
> session).

It's not a _security_ risk.

It's a user with _root_ privilegies that have added the medias, so if a 
unsafe media has been added, blame _root_.

Otherwise they just allow to update from media that _root_ allows to use.

But yes, I think we should disable MageiaUpdate for xguest.
(and stop enabling xguest by default...)


More information about the Mageia-discuss mailing list