Final (hopefully) privilege escalation policy draft

Tim Waugh twaugh at redhat.com
Thu Feb 11 09:48:19 UTC 2010


On Wed, 2010-02-10 at 12:48 -0800, Adam Williamson wrote:
> I have now adjusted the draft -
> https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy - to reflect all feedback from this list and from FESco. It will be reviewed again by FESco next week. Please raise any potential issues or further suggestions for adjustments before then. Of course, even if the policy is accepted by FESCo it will not be set in stone and changes and exceptions can be added in future as appropriate, but I'd like to have it as good as possible at first :) thanks all!

==>
In practice, packages which provide one or more of:

      * setuid binaries
      * PolicyKit policies
      * consolehelper configurations
      * udev rules

are likely to be affected by this policy
<==

Shouldn't

  * D-Bus services on the system bus

be listed there, to make sure that /etc/dbus-1/system.d/*.conf files are
sane?  It's just that it is quite a commonly used mechanism.

This was brought up in discussion of one of the first drafts, IIRC, so
perhaps it is intentionally omitted..?

Tim.
*/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/test/attachments/20100211/2083bf45/attachment.bin 


More information about the test mailing list