Fedora 11: moving to posix file capabilities?
Jeff Spaleta
jspaleta at gmail.com
Wed Oct 29 17:16:41 UTC 2008
On Wed, Oct 29, 2008 at 8:53 AM, Colin Walters
> Note that from the desktop direction we've been moving the OS away
> from exec-based domain transitions to message passing (e.g. PolicyKit)
> for a variety of reasons. I think it might be worth considering
> introducing a rule actually in Fedora for "no new SUID/fcap binaries",
> or at least they would have to pass some sort of robust review
> process.
I think I like that idea. As part of that is there a way we could get
a comprehensive list of the suid binaries we currently carry that
would be grandfather'd in? So we can know how concerted extra effort
would need to be done to help existing packages come into compliance?
-jef
More information about the fedora-devel-list
mailing list