Re: FAS and public Key auth

On Thu May 22 2008, Mike McGrath wrote:
> On Thu, 22 May 2008, Jeremy Katz wrote:

> > And the risk isn't increased by us allowing third-party groups to do
> > auth via FAS.  This risk is present whenever any user logs in to another
> > machine with agent forwarding.  Which is requested by the user/client --
> > not the machine being logged into.
> The risk does increase as far as targeting goes though.  If you were to do
> this type of attack right now, how would you go about doing it and what
> machines would you use?  If we start allowing third party machines that
> have basically no barrier to entry it becomes much easier to plan and
> execute the attack.

One can still provide services to Fedora maintainers without using FAS, e.g. a
ppc machine that can be used by maintainers to debug their package on that
arch. Then the maintainers would send their ssh public key by themselves to the
administrator of the machine.


