Security testing: need for a security policy, and a security-critical package process

Matthias Clasen mclasen at redhat.com
Tue Nov 24 00:38:55 UTC 2009


On Mon, 2009-11-23 at 19:36 -0500, Seth Vidal wrote:
> 
> On Mon, 23 Nov 2009, Matthias Clasen wrote:
> 
> > On Mon, 2009-11-23 at 18:31 -0500, Seth Vidal wrote:
> >
> >> Otherwise we open ourselves up to a less-secure-by-default posture in an
> >> average install.
> >>
> >> We've been in that position in the past and it is not a favorable place to
> >> be.
> >>
> >
> > We should just avoid sinking tons of QA resources into verifying that a
> > theoretical 'unprivileged user' can do nothing, when that role is not
> > something anybody would want to use anyway (because it can do nothing)
> > and is not the role that most users will actually end up with in a
> > typical desktop install.
> 
> If someone installing/deploying fedora (or a fedora-derived spin) wants to 
> configure a specific user or a set of users to have greater power, then 
> they should be able to do that.
> 
> The default as shipped in our packages should not empower users 
> significantly.
> 
> Default strict, configure relaxed.

I don't want to ship a desktop that doesn't let the user do useful
things.

How that translates in packages and defaults is not really the most
important part, but the plan is to have strict package defaults + a
policy package that makes things work.

The important part is that we QA the combination, not just the strict
defaults.

More information about the Fedora-security-list mailing list