On Thu, 21 Jan 2010 15:17:54 -0800 Adam Williamson <awilliam@xxxxxxxxxx> wrote: > Here's a second draft, addressing several (not yet all) of the > concerns raised about the first. A few general comments: - Might be nice to number/letter/enumerate the items... so you can point to specific parts without excessive quoting. - Is it worth noting ConsoleKit/udev rules here that would give privs to local users that remote ones don't get? - Is it worth noting console users vs remote vs admin user types? - Is dbus security worth mentioning? system vs session and what users should be allowed, etc? > Privilege Escalation Policy (draft) ...snip... > == Enforcement == > > The [[QA]] team will check packages known to be capable of privilege > escalation for their compliance with this policy, both through manual > examination and automated testing via the AutoQA project. Would it be worth having some kind of automated script that can find packages that might need scrutiny? ie, anything with suid binaries, anything with polkit files, anything with consolehelper Sort of a critical path of security apps? Looks like ubuntu has a pretty bare/skeleton policy at: https://wiki.ubuntu.com/SecurityPolicy A few things there might be worth adding here. Anyhow, thanks for taking on this task! kevin
Attachment:
signature.asc
Description: PGP signature
-- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
