Hey, I've been thinking about sudo passwords (particularly on publictest machines, where security holes in apps being developed cant turn up from time to time).
Could enabling NOPASSWD for sudo and disabling agent forwarding on publictest machines be a good option for lowering the possible impact if anything were to happen on the publictest machines? The specific situation that I'm thinking about right now is: * Command execution hole in some app in testing (this has happened) * Kernel bugs like the two that have shown up in the past month * People like me regularly entering their FAS password on publictest machines and having SSH agent forwarding enabled Maybe this is being too paranoid or not the best ultimate solution (Mike mentioned that he was looking into alternatives to entering sudo passwords, for example), but it does seem like a real risk given the freedom we allow for testing stuff out on the publictest machines. Thanks, Ricky
pgpBHzHd0NyKp.pgp
Description: PGP signature
_______________________________________________ Fedora-infrastructure-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
