Discussion summary: Mock security
Michael E Brown
Michael_E_Brown at dell.com
Thu Jun 8 00:39:25 UTC 2006
On Wed, 2006-06-07 at 19:52 -0400, Mike McLean wrote:
> Michael_E_Brown at Dell.com wrote:
> > -- Should we allow untrusted users access to the 'mock' group?
>
> This has been a concern of mine as well. However, I think the solution
> is not to harden mockhelper, but to change the role of mockhelper.
>
> At the moment, mock runs as a mortal user and uses mockhelper to execute
> a limited number of shell commands as root. What I'd like to do is have
> mock-helper (possibly renamed) run mock.py (and only mock.py) as root,
> letting mock.py take actions directly without having to filter back
> through mockhelper.
Ok, so this is the coolest proposed solution I have seen to this
problem. I like it a lot.
--
Michael
More information about the Fedora-buildsys-list
mailing list