Local users get to play root?

Mike McGrath mmcgrath at redhat.com
Thu Nov 19 02:20:50 UTC 2009


On Wed, 18 Nov 2009, Jeff Garzik wrote:

> On 11/18/2009 07:45 PM, Mike McGrath wrote:
> > Stick with the facts, be clear about what you're
> > trying to accomplish (changing it back in F13?  Changing it back in F12?
> > Setting a policy so stuff like this doesn't happen again?)
>
>
> 1) We should recognize this new policy departs from decades of Unix and Linux
> sysadmin experience.
>
> 2) F12 policy should be reverted to F11, ASAP.  Possibly with a CVE.
>
> 3) Due to #1, F13+ should not deviate from the decades-old default.
>
> 4) Release notes should explain new [and after step #2, optional] policy in
> detail, including how to turn it off again.  Seth's laudable write-up efforts
> should not have been necessary -- that info should be prepared.
>
> 5) The people who want this new security policy should add an opt-in checkbox
> in Anaconda or firstboot.
>


Does anyone disagree with anything in 1-5?  It all sounds reasonable to
me?

	-Mike



