Discussion summary: Mock security
Jeremy Katz
katzj at redhat.com
Wed Jun 7 12:29:00 UTC 2006
Michael_E_Brown at Dell.com wrote:
> After looking closely at the mock-helper source, I have identified
> several problematic areas, listed below. I do not believe, given the
> current state of mock-helper, that we should endorse the idea of
> allowing untrusted users access to the 'mock' group. We should very
> prominently label mock as giving, essentially, root access to each user
> you allow to run it. I believe the wiki, the help text of "mock -h", the
> mock README, and the mock man page should all be updated with this
> information.
I think this makes sense to do as the short-term "so we can get mock 0.6
out" as there is a lot of cool and important stuff that people are
clamoring for.
Then, post 0.6, focusing a bit on fixing the areas of security concern
would seem to make sense.
Jeremy