On Wed, Oct 29, 2008 at 8:53 AM, Colin Walters > Note that from the desktop direction we've been moving the OS away > from exec-based domain transitions to message passing (e.g. PolicyKit) > for a variety of reasons. I think it might be worth considering > introducing a rule actually in Fedora for "no new SUID/fcap binaries", > or at least they would have to pass some sort of robust review > process. I think I like that idea. As part of that is there a way we could get a comprehensive list of the suid binaries we currently carry that would be grandfather'd in? So we can know how concerted extra effort would need to be done to help existing packages come into compliance? -jef -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
