[packagekit] locking out password

Adrien BUSTANY madcat at mymadcat.com
Tue Mar 24 03:06:25 PDT 2009


Le 24/03/2009 09:32, Richard Hughes a écrit :
> On Mon, 2009-03-23 at 23:53 +0100, Adrien BUSTANY wrote:
>    
>> Yes, Daniel is right, rights in PackageKit are managed by PolicyKit,
>> and the granularity is action wise, not package wise. Depending on
>> your backend, there might be a way to pin the packages on the backend
>> side.
>>      
>
> I think in your situation you need to change the default authorisations
> for your kid to have deny remove, deny install unsigned (unsigned
> packaged) and allow install signed. The others are up to you.
>
> Also, Daniel is very correct in saying that if he has access to the
> physical machine, then it's trivial to set grub into runlevel 1 and then
> pwn the machine. Or even use a live CD and boot from cdrom. You probably
> want to lock down grub and the bios at a minimum.
>
> Richard.
>
>
> _______________________________________________
> PackageKit mailing list
> PackageKit at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/packagekit
>
>    
But then if an 8 year old kid is able to but in single user to remove 
iptables, I think his education should be put into question :D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/packagekit/attachments/20090324/1ed58698/attachment-0003.htm>


More information about the PackageKit mailing list