Posts tagged ‘stupid’

Fix Fedora 12s Broken User Access

November 19, 2009, 2:56 pm
fedora.png

A hotly debated topic this week has been a decision made with the latest release of Fedora. The 12th release has made it so that local users can install signed packages from the repositories, without root access.

You can read all the nerd-rage here:

Fedora 12 allows any user to install software on a machine without the root password. Drama on the mailing list.

Oddly enough they didn’t see this important enough to include on the release notes.   Some will argue this is not much of an issue, well I would ask you to consider this security breach of the Fedora signing servers a little more than a year ago:

https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html

With that taken into consideration, this is a pretty big deal.

Jeff Garzik’s replies seem to be the most eloquent arguments for reverting to the F11 security posture, in case anyone here thinks this change is a good thing:

Now for what this blog usually does, which is gives more solutions than commentary, here is how you fix your Fedora 12’s broken security model:

Simply run:

pklalockdown –lockdown org.freedesktop.packagekit.package-install

This will re-enable the old (better) behavior for installing signed packages with a known key.  Once this is done your Fedora 12 will no longer be on par with Windows98, enjoy.

Tags: , , , , ,
Category: Fedora, Security  |  Comments Off