From Fedora Project Wiki
(note the updates policy page) |
(Updated mission) |
||
| Line 1: | Line 1: | ||
== Fedora Security Response Procedures == | == Mission == | ||
The Security SIG has three missions that contributors can assist with: | |||
# Secure Coding | |||
# Code Auditing | |||
# Security Response | |||
== Secure Coding == | |||
== Code Auditing == | |||
== Security Response == | |||
=== Fedora Security Response Procedures === | |||
If you would like to report any potential security issues with Fedora follow the procedures in [[Security/Bugs|Security Bugs]] page for escalated attention to it. | If you would like to report any potential security issues with Fedora follow the procedures in [[Security/Bugs|Security Bugs]] page for escalated attention to it. | ||
== Security Issues Classification == | === Security Issues Classification === | ||
So what counts a security issue in Fedora? Find answers in the [[Security/Classifications|Security Classifications]] page. | So what counts a security issue in Fedora? Find answers in the [[Security/Classifications|Security Classifications]] page. | ||
== Security Status == | === Security Status === | ||
The current security status of Fedora is available from [[Security/Status|Security Status]] page. | The current security status of Fedora is available from [[Security/Status|Security Status]] page. | ||
== Security Features == | === Security Features === | ||
Security features available in Fedora is explained on [[Security/Features|Security Features]] page. | Security features available in Fedora is explained on [[Security/Features|Security Features]] page. | ||
== Security Mailing list == | === Security Mailing list === | ||
Fedora {{fplist|security}} list: For discussion about improvement of Fedora security. Other mailing lists are available at the [[Communicating_and_getting_help#Mailing_Lists|Communicate]] page | Fedora {{fplist|security}} list: For discussion about improvement of Fedora security. Other mailing lists are available at the [[Communicating_and_getting_help#Mailing_Lists|Communicate]] page | ||
== Fedora Security Response == | === Fedora Security Response === | ||
The Fedora [[Security/ResponseTeam|Security Response Team]] handles security issues within Fedora. The Red Hat security team can be reached by mailing secalert AT SPAMFREE redhat DOT com. Information regarding known public issues can be found on the [[Security/Status|Security Status]] page. | The Fedora [[Security/ResponseTeam|Security Response Team]] handles security issues within Fedora. The Red Hat security team can be reached by mailing secalert AT SPAMFREE redhat DOT com. Information regarding known public issues can be found on the [[Security/Status|Security Status]] page. | ||
== Endemic Security Risks == | === Endemic Security Risks === | ||
Due to the Fedora Project's use of resources not directly under our control, such as mirrors, Fedora and its users have exposure to [[Mirror_manager_security_risks|additional endemic risks]], and takes as many steps as possible mitigate these risks. | Due to the Fedora Project's use of resources not directly under our control, such as mirrors, Fedora and its users have exposure to [[Mirror_manager_security_risks|additional endemic risks]], and takes as many steps as possible mitigate these risks. | ||
== References == | === References === | ||
* http://people.redhat.com/drepper/nonselsec.pdf | * http://people.redhat.com/drepper/nonselsec.pdf | ||
| Line 33: | Line 44: | ||
* [[Updates_Policy|Fedora Updates Policy]] | * [[Updates_Policy|Fedora Updates Policy]] | ||
== Presentations == | === Presentations === | ||
* http://fedoraproject.org/wiki/Presentations | * http://fedoraproject.org/wiki/Presentations | ||
== Fedora Security Advisories == | === Fedora Security Advisories === | ||
* http://fedoraproject.org/wiki/FSA | * http://fedoraproject.org/wiki/FSA | ||
== Fedora Security Tracking Bugs == | === Fedora Security Tracking Bugs === | ||
* To track security vulnerabilities in packages, [[Security/TrackingBugs|tracking bugs]] are used. | * To track security vulnerabilities in packages, [[Security/TrackingBugs|tracking bugs]] are used. | ||
== List of Embedded Software == | === List of Embedded Software === | ||
* We are maintaining a list of embedded software within various packages. This will help us to quickly identify if a problem in library X can be corrected with updating library X, or if it also requires updating other packages that may contain their own private copies of library X. The [[Security/EmbeddedSoftware|embedded software list]] is used for this purpose. | * We are maintaining a list of embedded software within various packages. This will help us to quickly identify if a problem in library X can be corrected with updating library X, or if it also requires updating other packages that may contain their own private copies of library X. The [[Security/EmbeddedSoftware|embedded software list]] is used for this purpose. | ||
== List of SUID / SGID executables == | === List of SUID / SGID executables === | ||
* We are maintaining a list of SUID / SGID bit equipped executables | * We are maintaining a list of SUID / SGID bit equipped executables | ||
Revision as of 15:32, 26 March 2013
Mission
The Security SIG has three missions that contributors can assist with:
- Secure Coding
- Code Auditing
- Security Response
Secure Coding
Code Auditing
Security Response
Fedora Security Response Procedures
If you would like to report any potential security issues with Fedora follow the procedures in Security Bugs page for escalated attention to it.
Security Issues Classification
So what counts a security issue in Fedora? Find answers in the Security Classifications page.
Security Status
The current security status of Fedora is available from Security Status page.
Security Features
Security features available in Fedora is explained on Security Features page.
Security Mailing list
Fedora security list: For discussion about improvement of Fedora security. Other mailing lists are available at the Communicate page
Fedora Security Response
The Fedora Security Response Team handles security issues within Fedora. The Red Hat security team can be reached by mailing secalert AT SPAMFREE redhat DOT com. Information regarding known public issues can be found on the Security Status page.
Endemic Security Risks
Due to the Fedora Project's use of resources not directly under our control, such as mirrors, Fedora and its users have exposure to additional endemic risks, and takes as many steps as possible mitigate these risks.
References
- http://people.redhat.com/drepper/nonselsec.pdf
- http://docs.fedoraproject.org/selinux-faq/
- Fedora Updates Policy
Presentations
Fedora Security Advisories
Fedora Security Tracking Bugs
- To track security vulnerabilities in packages, tracking bugs are used.
List of Embedded Software
- We are maintaining a list of embedded software within various packages. This will help us to quickly identify if a problem in library X can be corrected with updating library X, or if it also requires updating other packages that may contain their own private copies of library X. The embedded software list is used for this purpose.
List of SUID / SGID executables
- We are maintaining a list of SUID / SGID bit equipped executables
within various packages. This will help us to quickly identify privileged binaries. This list is preliminary planned to be prepared for Fedora release of 14 and it will be enhanced later to include list of privileged binaries in also in newer versions of Fedora. The list of SUID SGID executables is used for this purpose.