On a default installation? They can't, but I think they can twiddle things
in NetworkManager from the GUI IIRC.

But they also can't get to root via 'sudo' and we have rules for that.

Polkit is basically sudo for DBus stuff and we have rules around what
should, and should not, be done with sudo so I guess I expect the same
thing with polkit.

For instance, I could use pkexec to run arbitrary commands as root without
a password if I have a rule set up for it. But, unlike sudo, there isn't a
rule saying not to do that and a method to check for it.

Thanks,

Trevor

On Mon, Sep 17, 2018 at 9:45 AM Thomas Haller <[email protected]> wrote:

> On Mon, 2018-09-17 at 09:19 -0400, Trevor Vaughan wrote:
> > Otherwise, there's a
> > lovely gaping hole in the system security that can effectively be
> > used to run pretty much anything with root permissions.
>
> Hi,
>
> This makes me wonder. How can an unprivileged user get root
> permissions on a default installation of RHEL? Either in general, or
> specifically using NetworkManager.
>
>
> best,
> Thomas
>


-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
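
A sketch of the kind of check the message says is missing, as an added example that is not part of the original email or of scap-security-guide: it scans polkit JavaScript rules for `polkit.addRule()` blocks that can return `polkit.Result.YES`, and rates those covering the pkexec action highest. The names `audit_rules` and `SAMPLE` are hypothetical, the sample rules are constructed, and the matching is a text heuristic rather than a JavaScript parser.

```python
import glob
import re

# Action id pkexec checks when the program has no more specific action defined.
PKEXEC_ACTION = "org.freedesktop.policykit.exec"
ACTION_RE = re.compile(r'action\.id\s*(?:={2,3}|\.indexOf\()\s*["\']([^"\']+)["\']')

# Constructed sample rules for illustration, not taken from a real system.
SAMPLE = r'''
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.policykit.exec" && subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
polkit.addRule(function(action, subject) {
    if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 && subject.local) {
        return polkit.Result.YES;
    }
});
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.policykit.exec") { return polkit.Result.AUTH_ADMIN; }
});
'''

def audit_rules(text, source="<sample>"):
    """Heuristically flag polkit.addRule() blocks that can return Result.YES."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop block comments
    text = re.sub(r"//[^\n]*", "", text)               # drop line comments
    findings = []
    for block in text.split("polkit.addRule(")[1:]:
        if "polkit.Result.YES" not in block:
            continue  # rule still asks for authentication or denies
        actions = ACTION_RE.findall(block)
        if not actions:
            level = "HIGH: YES with no action.id comparison found"
        elif PKEXEC_ACTION in actions:
            level = "HIGH: passwordless pkexec"
        else:
            level = "REVIEW: passwordless " + ", ".join(actions)
        findings.append((source, level))
    return findings

if __name__ == "__main__":
    for path in glob.glob("/etc/polkit-1/rules.d/*.rules") + glob.glob("/usr/share/polkit-1/rules.d/*.rules"):
        try:
            with open(path) as fh:
                print(*audit_rules(fh.read(), path), sep="\n")
        except OSError as exc:
            print(path, "unreadable:", exc)
```

Run directly, it walks the two rule directories used by polkit's JavaScript backend; reading `/etc/polkit-1/rules.d` may require root.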