On 01/07/2024 22:52, Aoife Moloney wrote:
This proposal adds a new dedicated `diskadmin` group, allowing users to manage external drives without needing to be in the `wheel` group.
Users with this permission can easily mount an external drive with suid binary and gain root access to entire system. This defeats the entire purpose of an ACL.
I am strongly against this from a security standpoint. -- Sincerely, Vitaly Zaitsev (vitaly@xxxxxxxxxxxxxx) -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
