On Mon, 2010-02-01 at 15:47 -0800, Adam Williamson wrote: > Hi again, folks. Here is another draft of the privilege escalation > policy. This is the sixth draft (second to this list). Changes: one of > Kevin Kofler's queries alerted me to the fact that somehow all the > changes between draft 1 and draft 2 were lost from drafts 3 onwards, > d'oh :) They are restored, which addresses some points people raised > here that were previously raised and addressed on test list. I also > tried to clarify some more that the planned system whereby there'll be > an 'administrative users' group that the first account gets added to > automatically and to which other users can be added manually is OK, and > clarified the point KK misunderstood about what constitutes a 'policy > escalation mechanism'. > > again, comments are welcome! This is probably going to FESco next week, > not tomorrow, apparently they have a heavy schedule tomorrow. > > https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy What about all networking setup changes? Especially establishing a VPN connection can be used to tunnel all traffic through a rogue VPN server thus enabling attacker to monitor all the network traffic. The same holds for enabling WLAN interfaces if they are currently disabled. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel