More PATH fallout. Who decided this was a good idea?
Andrew Bartlett
abartlet at samba.org
Mon Dec 8 00:55:27 UTC 2008
On Sun, 2008-12-07 at 14:29 -0900, Jeff Spaleta wrote:
> On Sun, Dec 7, 2008 at 5:54 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> > Hope you find this informtion useful.
>
> Well it's certainly going to make for a more rational discussion.
>
> I still come back to one thing. Could the file permissions be
> implemented differently so that CAPP compliance could be a system
> install time choice, instead of being expressed in the configuration
> of all installs?
>
> Sort of how we make it possible for people who care about LSB
> compliance to be able to install the necessary bits without enforcing
> compliance on everyone else. Just sort of, I'm not suggesting security
> compliance and LSB compliance are anywhere close to the same thing in
> scope.
>
> But what I am saying is that I'm not sure the restrictions and
> assumptions behind the logic of CAPP makes a lot of sense for our
> default target usecases. We don't currently have a server target for
> example, and I'm not sure CAPP can be applied to something like a
> laptop desktop case without warping spacetime.
>
> So taking a look at how CAPP compliance is handled now, could some of
> the restrictions like the permissions be handled in a more modular
> way? Could for example, things be changed so I could install a
> specialized fedora-CAPP package at install time which tightens up
> aspects of the system to bring it into CAPP compliance, instead of
> expressing those restrictions in the defualt settings of all installs?
Perhaps a bit like the 'bastille' hardening script?
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20081208/025565b8/attachment.sig>
More information about the fedora-devel-list
mailing list