On Tue, Feb 24, 2009 at 10:47:57AM -0700, Michal Jaegermann wrote: > On Tue, Feb 24, 2009 at 08:42:56AM -0500, Steve Grubb wrote: > > On Tuesday 24 February 2009 01:40:40 am Gregory Maxwell wrote: > > > This shouldn't have been sent to this list: It should have been filed > > > as a confidential bug, it's CERT announcement material. I guess its > > > too late now. > > > > Yes, I think so, too. From a security PoV, this creates a big problem in log > > correlation. > > This is public as https://bugzilla.redhat.com/show_bug.cgi?id=450304 > for close to nine months now. BTW - defaults are really trivial to fix and it is very easy to repair that on any particular system. The problem is, of course, that now you have to check every single one and changing defaults with a help of polkit-action does not automatically revoke already self-granted priviledges. The next headache. Michal -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
