Re: Next privilege escalation policy draft

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2010-02-01 at 15:47 -0800, Adam Williamson wrote:
> Hi again, folks. Here is another draft of the privilege escalation
> policy. This is the sixth draft (second to this list). Changes: one of
> Kevin Kofler's queries alerted me to the fact that somehow all the
> changes between draft 1 and draft 2 were lost from drafts 3 onwards,
> d'oh :) They are restored, which addresses some points people raised
> here that were previously raised and addressed on test list. I also
> tried to clarify some more that the planned system whereby there'll be
> an 'administrative users' group that the first account gets added to
> automatically and to which other users can be added manually is OK, and
> clarified the point KK misunderstood about what constitutes a 'policy
> escalation mechanism'.
> 
> again, comments are welcome! This is probably going to FESco next week,
> not tomorrow, apparently they have a heavy schedule tomorrow.
> 
> https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy

Thank you for taking this on.  Apologies for not looking this over
sooner, I've been away from email for the last two weeks.

Some nitpicking:

- "Read or write directly to or from system memory" is, technically,
something every process does.  "Device or kernel memory" might be closer
to the spirit of the law?

- Declaring "Read from system logs containing any information about user
activities" to be a privileged action, means that who(1) and last(1)
break, since utmp and wtmp are typically - intentionally - world
readable.  /var/log/ConsoleKit/history similarly.  I think this entire
rule is mostly subsumed under the "directly access or modify a file they
would usually be denied rights to" clause, though we'd probably also
want to define what kinds of log information are sensitive and what
aren't in that case, and enforce world-readability to match.

- ajax

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux