Comment Re:Quite possibly the stupidest vulnerability ever (Score 2) 118
Please; this had nothing to do with systemd. It's about PackageKit, which has been around for quite a bit longer. The problem is with the part of their PackageKit configuration which apparently allows administrators to install software without authenticating first. It's rather like putting the line
%wheel ALL = (root) NOPASSWD:
in your sudoers file. PolicyKit can also be configured to require authentication for each action, it just wasn't set up that way on their system. There's nothing wrong with identifying the members of the "wheel" group as administrators, but the policies should be configured such that administrators need to authenticate prior to installing new software. (This seems to be the default on CentOS 6.4; I have no idea what they were running. "pkcon install" does not work by default here without authentication, even for a member of the "wheel" group.)