Security implications need to be thought through better

Posted Nov 21, 2009 1:34 UTC (Sat) by JoeBuck (guest, #2330)
Parent article: Fedora 12 and unprivileged package installation

It seems clear that there isn't anyone on the PolicyKit team who does what Bruce Schneier (among others) regularly urges: you need someone on your team who can think like a black hat. Given a proposed policy decision, what new attack vectors can it open up? Clearly there are SELinux folks who can think this way, but it doesn't seem that there's enough communication going on.