[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On Thu, 2009-11-19 at 07:52 +0530, Rahul Sundaram wrote:
> On 11/19/2009 07:50 AM, Mike McGrath wrote:
> > On Wed, 18 Nov 2009, Jeff Garzik wrote:
> 
> >> 1) We should recognize this new policy departs from decades of Unix and Linux
> >> sysadmin experience.
> >>
> >> 2) F12 policy should be reverted to F11, ASAP.  Possibly with a CVE.
> >>
> >> 3) Due to #1, F13+ should not deviate from the decades-old default.
> >>
> >> 4) Release notes should explain new [and after step #2, optional] policy in
> >> detail, including how to turn it off again.  Seth's laudable write-up efforts
> >> should not have been necessary -- that info should be prepared.
> >>
> >> 5) The people who want this new security policy should add an opt-in checkbox
> >> in Anaconda or firstboot.
> >
> > 
> > Does anyone disagree with anything in 1-5?  It all sounds reasonable to
> > me?
> 
> Release notes are being updated as we speak. I think, the "role" of a
> system, be it a personal desktop, workstation, server or something else
> can change post-installation as well. I don't think a simple checkbox in
> Anaconda is going to be useful enough. We need a tool to switch policies
> easily so that we can tweak the policies across a wide range of tools
> with things like PolicyKit and each of these policies can be written
> with particular audiences in mind.
> 
> Rahul
> 

I agree with 1-4 and Rahul.

--Eric 

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]