Initial draft of privilege escalation policy

Adam Williamson awilliam at redhat.com
Thu Jan 21 23:16:06 UTC 2010


On Wed, 2010-01-20 at 19:40 +0100, drago01 wrote:
> On Wed, Jan 20, 2010 at 4:15 AM, Adam Williamson <awilliam at redhat.com> wrote:
> > Hi, everyone. As you may know if you've followed the meetings, FESCo has
> > cheerfully punted the privilege escalation policy issue back to us; they
> > want us to come up with a draft policy to take back to a FESCo meeting.
> 
> > * Run an application that listens on a network port lower than 1024
> > * Mount or unmount anything (excluding automounted hotplugged storage
> > devices, and devices explicitly configured by the root user for
> > unprivileged use)
> 
> Define "anything" what about fuse mounts? (like sshfs, or those done
> by gvfs)

Hmm. Should it perhaps talk instead about mounting anything outside of
the user's own home directory?
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net


