> Thorsten Leemhuis wrote:
> > But we have other packages (I had two and still have one) that entered
> > the repo with SUID binaries that were never reviewed by anyone. Do we
> > care? Do we trust packagers (¹) enough to decide?
>
> We should definitely make sure they get looked-at. Copying bressers,
> who might be able to help with drafting a plan.
>

Yes, this should get some attention from someone. There is no reason to
allow any app that wants it to have suid. Things like consolehelper exist
for just this reason.

Within Red Hat I care for a suid whitelist. If it's not on the list, I
have to be convinced that it should be. It works rather well honestly.

It would probably make sense to give this task to the Fedora Security
Response Team as it will be them cleaning up the mess after a "suid gone
wild" event.

--
JB
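The whitelist check described in the message above, sketched as an added example; it is not part of the original post and not Red Hat's or Fedora's own tooling. The function names, the allowlist file format (one absolute path per line, `#` comments) and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list setuid/setgid files under ROOT that are not on a
# reviewed allowlist. Allowlist format is an assumption of this example:
# one absolute path per line, '#' starts a comment.

# suid_audit ROOT ALLOWLIST -> prints `ls -ld` for each unreviewed file;
# returns 0 if every file found is allowlisted, 1 otherwise.
suid_audit() {
    root=$1 allowlist=$2
    found=$(mktemp) || return 2
    allowed=$(mktemp) || return 2

    # -xdev: stay on one filesystem; match setuid (4000) or setgid (2000).
    LC_ALL=C find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        2>/dev/null | LC_ALL=C sort -u > "$found"

    # Drop comments and blank lines from the allowlist before comparing.
    sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$allowlist" \
        | LC_ALL=C sort -u > "$allowed"

    # comm -23 keeps lines only in the first input: found but never reviewed.
    unreviewed=$(LC_ALL=C comm -23 "$found" "$allowed")
    rm -f "$found" "$allowed"

    [ -z "$unreviewed" ] && return 0
    printf '%s\n' "$unreviewed" | while IFS= read -r path; do
        ls -ld -- "$path"
    done
    return 1
}

# Constructed sample tree: two setuid files, only one of them reviewed.
suid_audit_demo() {
    d=$(mktemp -d) || return 2
    : > "$d/reviewed-helper"; : > "$d/unreviewed-tool"; : > "$d/plain"
    chmod 4755 "$d/reviewed-helper" "$d/unreviewed-tool"
    chmod 0755 "$d/plain"
    printf '# reviewed setuid binaries\n%s\n' "$d/reviewed-helper" > "$d/allow.txt"
    demo_rc=0
    suid_audit "$d" "$d/allow.txt" || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}
```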