Local users get to play root?

Jeff Garzik jgarzik at pobox.com
Thu Nov 19 01:21:41 UTC 2009


On 11/18/2009 07:45 PM, Mike McGrath wrote:
> Stick with the facts, be clear about what you're
> trying to accomplish (changing it back in F13?  Changing it back in F12?
> Setting a policy so stuff like this doesn't happen again?)


1) We should recognize this new policy departs from decades of Unix and 
Linux sysadmin experience.

2) F12 policy should be reverted to F11, ASAP.  Possibly with a CVE.

3) Due to #1, F13+ should not deviate from the decades-old default.

4) Release notes should explain new [and after step #2, optional] policy 
in detail, including how to turn it off again.  Seth's laudable write-up 
efforts should not have been necessary -- that info should be prepared.

5) The people who want this new security policy should add an opt-in 
checkbox in Anaconda or firstboot.

	Jeff





