[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?

On 11/19/2009 07:50 AM, Mike McGrath wrote:
> On Wed, 18 Nov 2009, Jeff Garzik wrote:

>> 1) We should recognize this new policy departs from decades of Unix and Linux
>> sysadmin experience.
>> 2) F12 policy should be reverted to F11, ASAP.  Possibly with a CVE.
>> 3) Due to #1, F13+ should not deviate from the decades-old default.
>> 4) Release notes should explain new [and after step #2, optional] policy in
>> detail, including how to turn it off again.  Seth's laudable write-up efforts
>> should not have been necessary -- that info should be prepared.
>> 5) The people who want this new security policy should add an opt-in checkbox
>> in Anaconda or firstboot.
> Does anyone disagree with anything in 1-5?  It all sounds reasonable to
> me?

Release notes are being updated as we speak. I think, the "role" of a
system, be it a personal desktop, workstation, server or something else
can change post-installation as well. I don't think a simple checkbox in
Anaconda is going to be useful enough. We need a tool to switch policies
easily so that we can tweak the policies across a wide range of tools
with things like PolicyKit and each of these policies can be written
with particular audiences in mind.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]