On Mon, Nov 23, 2009 at 05:55:15PM -0500, Matthias Clasen wrote: > On Mon, 2009-11-23 at 14:08 -0800, Adam Williamson wrote: > > > It's not QA's role to define exactly what the security policy should > > look like or what it should cover, but from the point of view of > > testing, what we really need are concrete requirements. The policy does > > not have to be immediately comprehensive - try and cover every possible > > security-related issue - to be valuable. Something as simple as spot's > > proposed list of things an unprivileged user must not be able to do - > > http://spot.livejournal.com/312216.html - would serve a valuable purpose > > here. > > I don't think spots list is too useful, unfortunately; discussing an > abstract 'unprivileged user' without defining some roles and use cases > doesn't make much sense to me. There is probably a difference between a > guest account and a regular (non-admin) user in what I want them to be > able to do; 'unprivileged user' does not allow that distinction. And > there is certainly a difference between what a regular user is expected > to be allowed on a family computer vs a university computer lab. > This is debatable. I certainly don't want a regular user at my family computer to be able to do anything they couldn't also do at a university computer. I don't want to worry about my ISP cutting off my internet access because one of my family members have enough permissions to get a trojan or virus installed on the system, for instance. The option to give other family members that much leeway as part of making things convenient for them to do other things can be a nice thing, but turning it on by default, even when it's possibly the most convenient approach, should be approached cautiously. Linux has several foundational features like being multiuser, designed with a security model that mitigates risk, and integrated into the network. When we touch these areas, we need to make sure that we're not compromising the foundations at the same time. -Toshio
Attachment:
pgpicpvVbQQ2n.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list