[149] in linux-security and linux-alert archive
Re: /usr/local/... file placement, and vendor security quality control
daemon@ATHENA.MIT.EDU (Marc Ewing)
Mon Mar 13 14:12:04 1995
From: Marc Ewing <marc@redhat.com>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 13 Mar 1995 12:23:58 -0500 (EST)
In-Reply-To: <m0ro4Rb-000EWrC@distrib.com> from "Andrew Cromarty" at Mar 12, 95 11:21:00 pm
Reply-To: linux-security@tarsier.cv.nrao.edu
> To keep this topic Linux-security related, and proactive: given that the
> FSSTND explicitly attempts to define what's "their vs. ours" in distributions,
> we should be encouraging all the distribution bundlers to make "their"
> file permissions as secure as possible. If we screw ours up, that's our
> problem. But part of every Slackware/InfoMagic/Morse/RedHat/Yggdrasil/...
> final quality control check should be ensuring that their product puts
> _everything_ in the right place at the right permissions---and as the
> Linux community's most security-conscious consumers, we on this list are
> well qualified to make the vendors/distributors aware of this
> responsibility.
This would be a great help to me, as a distribution builder. A small
"Linux SECSTND" or some kind of simple validation suite would be an
*enormous* help. Not being a security expert by any means, I would
defer to the people on this list, both because the people on this list
most certainly know more about security than me and because I'm always
short for time.
> Imagine how quickly they get off their tails and work on this if, for
> example, the members of this list "voted" regularly on the most secure
> distribution and published the results of the vote as our collective
> considered opinion on these products' security value.
Some kind of evaluation would be a great help to both developers and
users, and would go a long way PR-wise for Linux in general.
-Marc