On Fri, 2010-01-29 at 11:57 -0800, Adam Williamson wrote:
> On Fri, 2010-01-29 at 13:41 -0500, Matthias Clasen wrote:
> > On Thu, 2010-01-28 at 16:32 -0800, Adam Williamson wrote:
> > >
> > > Do yell if you think
> > > something urgently needs to be changed before then. Thanks!
> > >
> >
> > Here is something that just came up internally, and that would probably
> > be a worthwhile addition to your list of 'things to watch out for':
> >
> > Access control to devices is nowadays largely controlled by udev rules,
> > and a package installing a bad set of rules can easily make a large
> > chunk of your devices world-readable. 'udev rules' should be on the list
> > of things to review.
>
> That seems like an implementation-of-policy-compliance-testing issue and
> not something that needs explicitly mentioning in the policy. But indeed
> it's a useful note: changes in udev rules should be something rpmguard
> looks for and something the security testing procedures cover. thanks!

I was thinking of this list:

In practice, packages which provide one or more of:

* setuid binaries
* PolicyKit policies
* consolehelper configurations

are likely to be affected by this policy [...]

I was suggesting to add udev rules to that list. Seems just as much an
implementation detail as consolehelper configuration...
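Added example, not part of the thread and not rpmguard's code: one way a package review step could flag udev rules whose `MODE` assignment opens a device node to "other", the failure described above. The function names and the sample rules are constructed for illustration; the check covers world-write as well as world-read.

```python
import re

# key, operator, quoted value; values may contain commas, so match pairs directly
PAIR = re.compile(r'([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"')

def logical_lines(text):
    """Yield (first_line_number, rule); comments dropped, backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def world_accessible_rules(text):
    """Return (line, mode, access, match_keys) for rules whose MODE grants r/w to 'other'."""
    findings = []
    for lineno, rule in logical_lines(text):
        pairs = PAIR.findall(rule)
        matches = [f'{k}{op}"{v}"' for k, op, v in pairs if op in ("==", "!=")]
        for key, op, value in pairs:
            if key != "MODE" or op not in ("=", ":="):
                continue
            try:
                mode = int(value, 8)
            except ValueError:
                continue  # substitution or malformed value: leave for manual review
            other = mode & 0o006
            if other:
                access = ("r" if other & 0o4 else "") + ("w" if other & 0o2 else "")
                findings.append((lineno, value, access, matches))
    return findings

SAMPLE_RULES = '''\
# constructed sample rules, not taken from any real package
KERNEL=="sd*", SUBSYSTEM=="block", MODE="0666"
KERNEL=="ttyUSB[0-9]*", GROUP="dialout", MODE="0660"
SUBSYSTEM=="usb", ATTR{idVendor}=="1234", \\
    MODE:="0664", GROUP="plugdev"
'''
for finding in world_accessible_rules(SAMPLE_RULES):
    print(finding)
```

Some nodes are world-accessible by design, so findings from a check like this are a prompt for review rather than an automatic failure.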