[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SUID binaries in the repo



On Fri, Oct 26, 2007 at 09:53:24 -0400,
  Jesse Keating <jkeating redhat com> wrote:
> On Fri, 26 Oct 2007 07:47:31 -0400
> Josh Bressers <bressers redhat com> wrote:
> 
> > Within Red Hat I care for a suid whitelist.  If it's not on the list,
> > I have to be convinced that it should be.  It works rather well
> > honestly.  It would probably make sense to give this task to the
> > Fedora Security Response Team as it will be them cleaning up the mess
> > after a "suid gone wild" event.
> 
> Can you help us draft up a new package review rule that will bring suid
> things to your attention?  I think rpmlint may point out suid files, or
> could be made to easily.  What's missing is a point of contact or a
> bugzilla keyword or blocker list we set or something.

Note that a patch for capabilities being attached to files is going into
2.6.24 and you should probably have a plan for that. (Even scarier is that
I saw a comment that the nosuid mount parameter would not effect these files;
but that's a different problem than what's being discussed here.)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]