2014-04-20 23:20 GMT+02:00 Lars Seipel <lars.sei...@gmail.com>:
> On Thu, Apr 17, 2014 at 11:44:58PM +0200, Miloslav Trmač wrote:
> > We don't, actually. *Only* applications running in a session of a member
> > of the wheel group would have that right, and those applications are
> pretty
> > much root-equivalent anyway. (Many GNOME users probably use such a
> setup,
> > but it's not at all the only one possible.)
>
> Ugh. This is implemented in PolicyKit? Where was this change
> discussed/announced and when did it happen? Reinterpreting wheel group
> membership to give user accounts mighty powers without requiring
> re-authentication is a pretty major change and probably unexpected for
> most users.
>
I'm sorry, I was imprecise; it typically does require re-authentication
with users' own password, but in X11 that password is available to any
malicious program running in the session (e.g. by painting a fake screen
lock), so I tend to discount it.
Mirek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
