[Mageia-discuss] A possible risk ?
nicolas vigier
boklm at mars-attacks.org
Wed Feb 8 15:57:59 CET 2012
On Wed, 08 Feb 2012, Michael Scherer wrote:
> Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
> écrit :
> > On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire
> > Robinson who wrote:
> > > > I ended up installing Mageia 1 on his box, but I wonder why does the
> > > > distribution allow the user to potentially hose his system, when it
> > > > requires the root password to install a prog ?
> > > > Would it not make more sense to ask for the root password for the updates?
> >
> > > It is configurable in MCC. You can find it under Security => Configure
> > > authentication for Mageia Tools.
> > > Just select root for Update.
> >
> > Brilliant, thanks.
> >
> > But would it not make more sense to have the default changed to root ?
>
> That totally miss the point, which is that a upgrade hosed the system.
> Would requiring the root password have changed that ? I doubt.
>
> However, if the user cannot do upgrade without asking to someone else
> ( because that's the whole point of having 2 different passwords, else,
> that's just a nuisance that will confuse most people ), then he will
> likely miss security and bugfixes updates, and that's problematic.
It's not clear if we are talking about installing updates only, or
upgrading to a new version of the distribution. Installing updates is
supposed to be safe and can be allowed by default with user password.
But upgrading to a new distribution is more dangerous and should
probably only be allowed with root password.
More information about the Mageia-discuss
mailing list