On Fri, Sep 13, 2013 at 10:23 AM, Oron Peled <o...@actcom.co.il> wrote: > > On Friday 13 September 2013 01:51:00 drago01 wrote: >> On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled <o...@actcom.co.il> wrote: >> > - This means that any privileged service controlled by GUI client (e.g: >> > NetworkManager) is still only as secure as it's controller (e.g: >> > nm-applet). >> This is wrong. That's not how "controlling the service" works. > > Care to explain?
Yes. What I meant is nm-applet is not more privileged then any other application in the session. The policy says "the active session is allowed to do foo" not "nm-applet is allowed to do foo". So you can securing the "controller" wont help you much as long as any other app from the active session can be exploited. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
