[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ayatana] Possible security risk with update-manager



On Tue, 2009-12-15 at 09:15 +0000, Alan Pope wrote:
> 2009/12/15 mac_v <drkvi-a@xxxxxxxxx>:
> > Why ask the admin password?
> > - Update manager is designed to be shown only for admin accounts and
> > doesnt show up for non-admins.
> 
> Indeed. I prefer the OSX way which asks for a user _and_ a password.
> This fits my use case which has my daughter using the Mac to surf the
> web. If she stumbles upon a blocked site she can click a link to allow
> it, come and get me and I'll type in my name and password to unlock
> that site.
> > - Admin User has already approved software source and accepted it as a
> > trusted source when they add the repo sources to the list.
> >
> > Why this extra step for a simple update process?
> >
> 
> There could be a significant time delta between adding software
> sources and updating the machine. If I was called away from my machine
> and update manager popped up, I'd rather my 3 year old Son didn't stab
> the install button and add the updates. I want some kind of security
> confirmation.
> 
> Cheers,
> Al.

I was hoping someone would bring this up :)

If someone other than the user is having access to a user account ,
there are bigger concerns than the guest updating the system. 

The guest[in this case the child] could delete important work files and
do more damage. 
Why is updating harmful? Aernt the Stable release updates supposed to be
pain-free? 

Well , parental control is a different issue. But when we are dealing
with user accounts  , why bother users for passwords.

The default can be password-less and such user-scenarios can be dealt in
parental-control.


-- 
Cheers,
mac_v