[Mageia-discuss] A possible risk ?

Wolfgang Bornath molch.b at googlemail.com
Wed Feb 8 13:51:27 CET 2012


2012/2/8 Sander Lepik <sander.lepik at eesti.ee>:
> 08.02.2012 13:47, Renaud (Ron) Olgiati kirjutas:
>
>> Brilliant, thanks.
>>
>> But would it not make more sense to have the default changed to root ?
>
> Updates shouldn't break system and so i think they should be enabled for
> normal users. Upgrades is something else and should be disabled for normal
> users. You can report bug about this problem.

Last November I setup my normal Mageia system to auto-boot into xguest
so visitors at the Mageia stand at an exhibition can try out Mageia. I
was surpised and shocked when I watched the update icon light up and
the visitor could perform this update as xguest! This IS a risk no
matter whether an update breaks a system or not. After I saw this the
first thing I did was su into root and change the permission setting
for updates.

This is one thing where security was broken for ease of use.

-- 
wobo


More information about the Mageia-discuss mailing list