Security testing: need for a security policy, and a security-critical package process
Bill Nottingham
notting at redhat.com
Mon Nov 30 20:43:26 UTC 2009
Gene Czarcinski (gene at czarc.net) said:
> Keep it simple (KISS) for the initial attempt. It will grow more complicated
> all by itself as time passes.
>
> BTW, the security policy should assume that a grub password is in use so that
> a user cannot do something like disabling selinux by editing the kernel
> command line. This should be tested by the security QA.
That seems very broken. A security policy that is violated on every
single out of the box install that doesn't do customization?
Bill
More information about the fedora-devel-list
mailing list