Draft privilege escalation policy for comments

Miloslav Trmač mitr at volny.cz
Sun Jan 31 14:48:29 UTC 2010


Kevin Kofler wrote on Sun 31. 01. 2010 at 08:55 +0100: 
> Adam Williamson wrote:
> > I think it's sensible, yeah. It's not really much bureaucracy; I don't
> > think it would ever be a good idea to introduce a new privilege
> > escalation mechanism without FESco knowing about it...
> 
> Right now we're in a phase where a lot of stuff (system-config-*, several 
> parts of KDE and some other stuff) is getting ported from running the whole 
> app under consolehelper or kdesu to PolicyKit mechanisms. This is generally 
> seen as a *good* thing. It'd be really annoying to have to go through a 
> FESCo vote for every single one of those.
That's not the intent: "mechanism" is "the code that causes running
something as root", in this case DBus activation, not "the code running
as root" (a DBus server).

You are not required to announce / ask for approval of every new DBus
server - but if you want to introduce another program that allows
running something as root (new DBus, new sudo, ...), _that_ requires
approval / announcement of changes.

The purpose of these announcements is to allow the QA team and people
working on Fedora security to maintain a list of such mechanisms.  If
the QA team or someone working on security knows there is userhelper or
DBus, they can search for packages that use it, and check the
configuration of the packages, do code reviews etc.  If they don't know
about the mechanism, they can't check the users of the mechanism are
secure.
    Mirek
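The last paragraph describes what a QA or security reviewer would do once a mechanism is known: find the packages that use it and check their configuration. The script below is an added example, not from the thread or from any Fedora tool; it inventories users of two of the mechanisms mentioned (D-Bus system-bus activation files and consolehelper/userhelper entries), using the standard Fedora paths as defaults; the function names and the sample tree are mine.

```shell
#!/bin/sh
# Added inventory helper (not from the thread): lists the users of two of the
# escalation mechanisms discussed, D-Bus system-bus activation and
# consolehelper/userhelper, so each entry's configuration can be reviewed.
# Default paths are the standard Fedora locations; function names are mine.

# Owning package via rpm when available, "unowned" otherwise.
owning_package() {
  pkg=$(command -v rpm >/dev/null 2>&1 && rpm -qf --qf '%{NAME}' "$1" 2>/dev/null) \
    && echo "$pkg" || echo unowned
}

# One line per D-Bus activation file: mechanism, bus name, User=, Exec=, package.
# "UNSET" flags a missing User= key, which is exactly the kind of entry to review.
inventory_dbus_activation() {
  dir="${1:-/usr/share/dbus-1/system-services}"
  for f in "$dir"/*.service; do
    [ -f "$f" ] || continue
    printf 'dbus\t%s\t%s\t%s\t%s\n' "$(sed -n 's/^Name=//p' "$f")" \
      "$(sed -n 's/^User=//p' "$f" | grep . || echo UNSET)" \
      "$(sed -n 's/^Exec=//p' "$f")" "$(owning_package "$f")"
  done
}

# One line per /etc/security/console.apps entry: mechanism, app, USER=, PROGRAM=, package.
inventory_consolehelper() {
  dir="${1:-/etc/security/console.apps}"
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    printf 'consolehelper\t%s\t%s\t%s\t%s\n' "$(basename "$f")" \
      "$(sed -n 's/^USER=//p' "$f" | grep . || echo UNSET)" \
      "$(sed -n 's/^PROGRAM=//p' "$f")" "$(owning_package "$f")"
  done
}

# Constructed sample tree so the script runs stand-alone; prints its path.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/dbus" "$root/capps"
  printf '[D-BUS Service]\nName=org.example.Backend\nExec=/usr/libexec/example-backend\nUser=root\n' \
    > "$root/dbus/org.example.Backend.service"
  printf '[D-BUS Service]\nName=org.example.NoUser\nExec=/usr/libexec/example-nouser\n' \
    > "$root/dbus/org.example.NoUser.service"
  printf 'USER=root\nPROGRAM=/usr/sbin/example-config\nSESSION=true\n' > "$root/capps/example-config"
  echo "$root"
}

if [ "${1:-}" = "--demo" ]; then          # run with --demo to see the sample inventory
  t=$(make_sample_tree)
  inventory_dbus_activation "$t/dbus"
  inventory_consolehelper "$t/capps"
  rm -rf "$t"
fi
```

Run without arguments on a real system the two inventory functions walk the live directories, so the output is the list of packages whose configuration the reviewer then has to check.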