-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael E Brown wrote: > On Wed, 2006-06-07 at 19:52 -0400, Mike McLean wrote: >> [EMAIL PROTECTED] wrote: >>> -- Should we allow untrusted users access to the 'mock' group? >> This has been a concern of mine as well. However, I think the solution >> is not to harden mockhelper, but to change the role of mockhelper. >> >> At the moment, mock runs as a mortal user and uses mockhelper to execute >> a limited number of shell commands as root. What I'd like to do is have >> mock-helper (possibly renamed) run mock.py (and only mock.py) as root, >> letting mock.py take actions directly without having to filter back >> through mockhelper. > > Ok, so this is the coolest proposed solution I have seen to this > problem. I like it a lot.
How would we tell that the mock.py being run as root is the mock.py we all know and love (and not one defiled by some black hat)? Clark "not a security guru" Williams -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFEh3p+Hyuj/+TTEp0RAoF0AJ0b0DM1jE3ecx9Fqt7bDr5gMl0Z6wCgwgB0 cD61rpHx/+yuQ8yxVBdmC8Y= =henS -----END PGP SIGNATURE----- -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
