On Fri, Oct 26, 2007 at 09:53:24 -0400,
  Jesse Keating <jkeating@xxxxxxxxxx> wrote:
> On Fri, 26 Oct 2007 07:47:31 -0400
> Josh Bressers <bressers@xxxxxxxxxx> wrote:
>
> > Within Red Hat I care for a suid whitelist. If it's not on the list,
> > I have to be convinced that it should be. It works rather well
> > honestly. It would probably make sense to give this task to the
> > Fedora Security Response Team as it will be them cleaning up the mess
> > after a "suid gone wild" event.
>
> Can you help us draft up a new package review rule that will bring suid
> things to your attention? I think rpmlint may point out suid files, or
> could be made to easily. What's missing is a point of contact or a
> bugzilla keyword or blocker list we set or something.

Note that a patch for capabilities being attached to files is going into
2.6.24 and you should probably have a plan for that. (Even scarier is that
I saw a comment that the nosuid mount parameter would not affect these files;
but that's a different problem than what's being discussed here.)