Final (hopefully) privilege escalation policy draft

Adam Williamson awilliam at redhat.com
Thu Feb 11 19:02:55 UTC 2010


On Thu, 2010-02-11 at 13:32 +0000, Richard W.M. Jones wrote:
> On Wed, Feb 10, 2010 at 05:19:59PM -0500, Tony Nelson wrote:
> > On 10-02-10 15:48:39, Adam Williamson wrote:
> > > Hi, all. So the privilege escalation policy went to FESco, who
> > > suggested some minor tweaks and a final run-by the mailing lists 
> > > before it gets approved.
> > > 
> > > I have now adjusted the draft -
> > > https://fedoraproject.org/wiki/User:Adamwill/
> > > Draft_Fedora_privilege_escalation_policy
> > > - to reflect all feedback from this list and from FESco. It will be
> > > reviewed again by FESco next week. Please raise any potential issues
> > > or further suggestions for adjustments before then. Of course, even 
> > > if the policy is accepted by FESCo it will not be set in stone and
> > > changes and exceptions can be added in future as appropriate, but I'd
> > > like to have it as good as possible at first :) thanks all!
> > 
> > "Directly read or write directly to or from system memory" has an extra 
> > (or out of order) "directly".
> 
> It's also going to be tricky to run any programs if they can't access
> the memory in the system.  Can the definition be tightened up --
> eg. "kernel memory and memory-mapped devices" or "memory other than
> userspace pages allocated to the current user"?

Please read the preamble. It specifically (almost painfully) explains
the meaning of the word 'directly' and the key phrase 'cause to be
excepted provision waived'. When the user runs a program which accesses
memory, that's fine - that's 'cause to be performed'. What the provision
is attempting to disallow is the user directly examining or modifying
the contents of memory. I can make it less restrictive if this is still
desired, though. (It's something of a distinction without a difference
at present, because a user could of course write a program which runs
from their own space which then...accesses memory to which the user is
permitted access).
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net