[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SUID binaries in the repo



On Fri, 26 Oct 2007 07:47:31 -0400
Josh Bressers <bressers redhat com> wrote:

> Within Red Hat I care for a suid whitelist.  If it's not on the list,
> I have to be convinced that it should be.  It works rather well
> honestly.  It would probably make sense to give this task to the
> Fedora Security Response Team as it will be them cleaning up the mess
> after a "suid gone wild" event.

Can you help us draft up a new package review rule that will bring suid
things to your attention?  I think rpmlint may point out suid files, or
could be made to easily.  What's missing is a point of contact or a
bugzilla keyword or blocker list we set or something.

-- 
Jesse Keating
Fedora -- All my bits are free, are yours?

Attachment: signature.asc
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]