Jason L Tibbitts III wrote, at 11/12/2008 12:51 AM +9:00:
I do many package reviews, and occasionally I see a package that is fine packaging-wise but which I don't feel comfortable approving because I know it has security implications. One such package is schroot, which has some pam magic to allow users to set up chroots.

https://bugzilla.redhat.com/show_bug.cgi?id=447368

It's quite possible that I'm simply being overly paranoid, but of course I'm not qualified to say one way or the other.

Is it possible for someone with more knowledge in this area to take a look at the package? What would be needed? (Perhaps a scratch build, or are the src.rpm and spec sufficient?) Could we work out a simple procedure for doing this in the future?

- J
Some days ago my potential sponsoree submitted a review request, which (according to the explanation) uses chroot() and has some setuid binaries. I guess I can do the "basic" reviews also required for other packages; however, for security matters I really appreciate any help from anyone who knows how to deal with security issues.

https://bugzilla.redhat.com/show_bug.cgi?id=479546 - Jailkit limits user accounts to specific files and/or commands

Regards,
Mamoru

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list