[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: More PATH fallout. Who decided this was a good idea?



On Sun, 2008-12-07 at 14:29 -0900, Jeff Spaleta wrote:
> On Sun, Dec 7, 2008 at 5:54 AM, Steve Grubb <sgrubb redhat com> wrote:
> > Hope you find this informtion useful.
> 
> Well it's certainly going to make for a more rational discussion.
> 
> I still come back to one thing.  Could the file permissions be
> implemented differently so that CAPP compliance could be a system
> install time choice, instead of being expressed in the configuration
> of all installs?
> 
> Sort of how we make it possible for people who care about LSB
> compliance to be able to install the necessary bits without enforcing
> compliance on everyone else. Just sort of, I'm not suggesting security
> compliance and LSB compliance are anywhere close to the same thing in
> scope.
> 
> But what I am saying is that I'm not sure the restrictions and
> assumptions behind the logic of CAPP makes a lot of sense for our
> default target usecases.  We don't currently have a server target for
> example, and I'm not sure CAPP can be applied to something like a
> laptop desktop case without warping spacetime.
> 
> So taking a look at how CAPP compliance is handled now, could some of
> the restrictions like the permissions be handled in a more modular
> way? Could for example, things be changed so I could install a
> specialized fedora-CAPP package at install time which tightens up
> aspects of the system to bring it into CAPP compliance, instead of
> expressing those restrictions in the defualt settings of all installs?

Perhaps a bit like the 'bastille' hardening script?

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]