Next privilege escalation policy draft
Tomas Mraz
tmraz at redhat.com
Tue Feb 2 10:33:13 UTC 2010
On Mon, 2010-02-01 at 15:47 -0800, Adam Williamson wrote:
> Hi again, folks. Here is another draft of the privilege escalation
> policy. This is the sixth draft (second to this list). Changes: one of
> Kevin Kofler's queries alerted me to the fact that somehow all the
> changes between draft 1 and draft 2 were lost from drafts 3 onwards,
> d'oh :) They are restored, which addresses some points people raised
> here that were previously raised and addressed on test list. I also
> tried to clarify some more that the planned system whereby there'll be
> an 'administrative users' group that the first account gets added to
> automatically and to which other users can be added manually is OK, and
> clarified the point KK misunderstood about what constitutes a 'policy
> escalation mechanism'.
>
> again, comments are welcome! This is probably going to FESco next week,
> not tomorrow, apparently they have a heavy schedule tomorrow.
>
> https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy
What about all networking setup changes? Especially establishing a VPN
connection can be used to tunnel all traffic through a rogue VPN server
thus enabling attacker to monitor all the network traffic. The same
holds for enabling WLAN interfaces if they are currently disabled.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the devel
mailing list