Next privilege escalation policy draft

Tomas Mraz tmraz at
Tue Feb 2 10:33:13 UTC 2010

On Mon, 2010-02-01 at 15:47 -0800, Adam Williamson wrote: 
> Hi again, folks. Here is another draft of the privilege escalation
> policy. This is the sixth draft (second to this list). Changes: one of
> Kevin Kofler's queries alerted me to the fact that somehow all the
> changes between draft 1 and draft 2 were lost from drafts 3 onwards,
> d'oh :) They are restored, which addresses some points people raised
> here that were previously raised and addressed on test list. I also
> tried to clarify some more that the planned system whereby there'll be
> an 'administrative users' group that the first account gets added to
> automatically and to which other users can be added manually is OK, and
> clarified the point KK misunderstood about what constitutes a 'policy
> escalation mechanism'.
> again, comments are welcome! This is probably going to FESco next week,
> not tomorrow, apparently they have a heavy schedule tomorrow.

What about all networking setup changes? Especially establishing a VPN
connection can be used to tunnel all traffic through a rogue VPN server
thus enabling attacker to monitor all the network traffic. The same
holds for enabling WLAN interfaces if they are currently disabled.

Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

More information about the devel mailing list