[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora 11: moving to posix file capabilities?



On Wed, Oct 29, 2008 at 8:53 AM, Colin Walters
> Note that from the desktop direction we've been moving the OS away
> from exec-based domain transitions to message passing (e.g. PolicyKit)
> for a variety of reasons.  I think it might be worth considering
> introducing a rule actually in Fedora for "no new SUID/fcap binaries",
> or at least they would have to pass some sort of robust review
> process.


I think I like that idea.  As part of that is there a way we could get
a comprehensive list of the suid binaries we currently carry that
would be grandfather'd in?  So we can know how concerted extra effort
would need to be done to help existing packages come into compliance?

-jef


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]