Henri <[EMAIL PROTECTED]> wrote:That was a simple suggestion, it seemed important to me, that's all. Is security concerning only security experts ? I don't think so. Where is the problem to be a customer asking questions about security yo the expert precisly ?! If you can justify the choice not to do audits, then every thing is alright ! why answering me this way ? If mandrake security team does not like this kind of questions, allright, i'll remember not to be worried about security if i choose mandrake. I asks questions to my internet provider, why not asking them to mandrake ? I think every customer should wait for infos about security.
OpenSource is said to be more secure : a question has come to my mind
: before releasing the 9.1, will there be a security audit on critical
apps, on drakconf tools ecc. or not ?
These tools only run with root permissions. Mot much to hack anymore once you got that.
Perhaps this would avoid big holes like the shutdown one, no ?
That's a local exploit. I can think of a few other local ``exploits'' as well, like booting in single user mode.
I think you'd better leave the worrying about security to the experts.
Concerning the root excecution of drake tools, would it be profitable to use systrace ?
# Han
