[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora Feature Proposal: Yum Integration



>>>>> "HHvB" == Horst H von Brand <vonbrand inf utfsm cl> writes:

HHvB> One of the basic guidelines when securing a system is to keep it
HHvB> as simple as possible, i.e., install only what is required, and
HHvB> keep a strict control over what is happening. Anything else ends
HHvB> with the sysadmin in a padded cell.

As long as users have the ability to make their own programs (and this
is REALLY hard to deny someone on Unix), you have lost that particular
battle anyway. I have to say I really like the idea of letting
non-root install software.

Packages which do not touch anything in /etc and have no suid bits
should be safe. Those rules do not cover all possible holes -- e.g. a
package could have a file /bin/man which did nasty things, in the hope
that someone privileged eventually reads a man page. Nevertheless,
deliberately malicious packages should be stopped by the Fedora
package review.


/Benny



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]