Re: Security incident on Fedora infrastructure on 23 Jan 2011

On 2011-01-25 10:50:48 PM, Till Maas wrote:
> Did he really not have write access to the Fedora wiki or the different
> trac instances (wiki, ticket system) on fedorahosted? I am not sure how
> it is handled, but he also might have had push access to the comps repo
> on fedorahosted.
Sorry, these are omissions on our part.  All packagers have edit
access to the Fedora wiki, push access to comps on fedorahosted, and all
Fedora Accounts are able to log in to fedorahosted trac instances (with
no special privileges by default).

We found no unverified Fedora wiki edits or pushes to comps from the
account in question.

> Additionally it would be nice to investigate whether the account was
> used to access the test machine resources for package maintainers:
> https://fedoraproject.org/wiki/Test_Machine_Resources_For_Package_Maintainers
Good point.  We don't run those machines, and all packagers have sudo
there, so Fedora packagers should consider it unsafe to forward their
SSH agent or enter any sensitive information on those machines.  We'll
get in touch with Kevin about checking those machines though.

Thanks,
Ricky


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
