Re: [Ayatana] Possible security risk with update-manager

[mac_v <drkvi-a@xxxxxxxxx>]

On Tue, 2009-12-15 at 08:53 -0500, Scott Kitterman wrote:
> On Tue, 15 Dec 2009 07:31:37 -0500 "Scott E. Armitage" 
> <launchpad@xxxxxxxxxxxxxxxxxxx> wrote:
> >I don't think that mac_v is proposing /automated/ updates, so much as he is
> >proposing that the current update scheme should not require the
> >administrator's password. The administrator would still be notified of new
> >updates as they are now, and they would have to decide when to download and
> >install the updates, however they would no longer have to confirm their
> >administrator status prior to update installation.
> 
> How do you confirm adminstrative authorization then?  Whether installed by 
> non-admins or automatically is just a variant of not under the 
> adminstrator's control.
> 
> Scott K
> 

With policykit we can set up the admin account to be granted access to
admin privileges without password-prompts [ex:mounting internal
drives] , similar can probably be done for updates.

The present policy of asking for password isnt really very ideal for a
non-tech user. 
The user just doesnt know or understand what the updates are for and
installs the updates blindly. Asking for password doesnt solve anything
here.

For the users who know about the update they check and install the
update. Prompting the password isnt solving anything here either.

So, prompting for passwords in the common user-scenarios isnt solving
anything. 
So why are we prompting for passwords? How is the present behavior
helping or solving anything or ensuring better the security of the
system?

Or are you asking  , how we can confirm that the user using the admin
account is actually the admin and not a guest user?

This is a scenario where the admin trusts the guest enough to use the
admin account and doesnt mind. 

Or if the user is concerned about guests installing the updates , they
could just remove the policykit rule and always be prompted for
passwords.


-- 
Cheers,
mac_v