On Thu, 2010-02-04 at 15:14 -0500, Adam Jackson wrote:
> Some nitpicking:
>
> - "Read or write directly to or from system memory" is, technically,
> something every process does. "Device or kernel memory" might be closer
> to the spirit of the law?

Yeah, that's one people have said is somewhat amorphous. It's important to note that I'm using the word 'directly' in the policy to mean 'allow the user to specifically control the process' - i.e. it's not just about an application the user is using reading memory, it's more about (apologies for my 1980s terminology :>) not letting the user PEEK and POKE.

> - Declaring "Read from system logs containing any information about user
> activities" to be a privileged action, means that who(1) and last(1)
> break, since utmp and wtmp are typically - intentionally - world
> readable. /var/log/ConsoleKit/history similarly. I think this entire
> rule is mostly subsumed under the "directly access or modify a file they
> would usually be denied rights to" clause, though we'd probably also
> want to define what kinds of log information are sensitive and what
> aren't in that case, and enforce world-readability to match.

I don't understand much about utmp and wtmp, but if appropriate they could be specifically excepted from the policy. Ditto the ConsoleKit history. What's the rationale for these being world-readable?

-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel