Change in allowed-files policy on all fedora-maintained hosts

From:  seth vidal <skvidal-AT-fedoraproject.org>
To:  announce-AT-lists.fedoraproject.org
Subject:  Change in allowed-files policy on all fedora-maintained hosts
Date:  Fri, 30 Sep 2011 00:17:16 -0400
Message-ID:  <1317356236.8076.47.camel@oliver>

In an ongoing effort to improve our security we have decided to disallow
any ssh private keys from being housed on any fedora-maintained system.
No user should have ever needed to upload an ssh private key; the public
keys are, of course, just fine and required. However, on the off-chance
that someone has done this, we'll be performing audits of user homedirs
looking for ssh private keys.

If we find them we'll remove them and then remove the owning-user's ssh
public key from the Fedora Account System (FAS), forcing them to upload
a new one. We're taking this additional step to make sure that the
public key in FAS is not vulnerable due to their private key being
potentially exposed on a shared system.

You can refer to the allowable content section of the fedorapeople FAQ.
https://fedoraproject.org/wiki/Infrastructure/fedorapeopl...

These rules (and more) apply to our administrative systems and home
directories.

Thank You,
Fedora Infrastructure Team




-- 
announce mailing list
announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
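
An audit of home directories for ssh private keys, as announced in the message above, could look like the following. This is an added example, not the Fedora Infrastructure Team's tooling; the function names, the list of key headers and the sample tree are assumptions constructed for illustration.

```python
import os
import pathlib
import re
import stat

# Headers that open PEM-encoded and PuTTY private key files (assumed list).
KEY_MARKER = re.compile(
    rb"^-----BEGIN (?:RSA |DSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
    rb"|^PuTTY-User-Key-File-\d+:", re.MULTILINE)
HEAD_BYTES = 4096  # the header sits at the top of the file
# O_NOFOLLOW: never read through a user-planted symlink; O_NONBLOCK: never hang on a FIFO.
FLAGS = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK

def looks_like_private_key(path):
    try:
        fd = os.open(path, FLAGS)
    except OSError:
        return False  # symlink, unreadable or vanished file
    try:
        is_regular = stat.S_ISREG(os.fstat(fd).st_mode)
        return is_regular and bool(KEY_MARKER.search(os.read(fd, HEAD_BYTES)))
    except OSError:
        return False
    finally:
        os.close(fd)

def find_private_keys(home_root):
    """Return sorted (user, relative_path) pairs; user is the top-level directory."""
    hits = []
    for dirpath, _dirs, files in os.walk(home_root):  # does not descend into symlinked dirs
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), home_root)
            if looks_like_private_key(os.path.join(home_root, rel)):
                hits.append((rel.split(os.sep)[0], rel))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample data: placeholder contents, no real key material."""
    files = {
        "alice/.ssh/id_rsa": b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n",
        "alice/.ssh/id_rsa.pub": b"ssh-rsa AAAAconstructed alice@example\n",
        "bob/.ssh/authorized_keys": b"ssh-rsa AAAAconstructed bob@example\n",
        "bob/backup/work.ppk": b"PuTTY-User-Key-File-2: ssh-rsa\n",
    }
    for rel, data in files.items():
        target = pathlib.Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
```

Matching on file content rather than on names such as `id_rsa` catches keys stored under other names; each reported user is one whose public key would then be removed from FAS under the policy above.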




Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds