Privilege escalation policy: third draft
Adam Williamson
awilliam at redhat.com
Fri Jan 29 19:57:35 UTC 2010
On Fri, 2010-01-29 at 13:41 -0500, Matthias Clasen wrote:
> On Thu, 2010-01-28 at 16:32 -0800, Adam Williamson wrote:
>
> > Do yell if you think
> > something urgently needs to be changed before then. Thanks!
> >
>
> Here is something that just came up internally, and that would probably
> be a worthwhile addition to your list of 'things to watch out for':
>
> Access control to devices is nowadays largely controlled by udev rules,
> and a package installing a bad set of rules can easily make a large
> chunk of your devices world-readable. 'udev rules' should be on the list
> of things to review.
That seems like an implementation-of-policy-compliance-testing issue and
not something that needs explicitly mentioning in the policy. But indeed
it's a useful note: changes in udev rules should be something rpmguard
looks for and something the security testing procedures cover. thanks!
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the test
mailing list