Initial draft of privilege escalation policy

James Laska jlaska at
Fri Jan 22 13:43:32 UTC 2010

On Thu, 2010-01-21 at 22:22 -0700, Kevin Fenzi wrote:
> On Thu, 21 Jan 2010 15:17:54 -0800
> Adam Williamson <awilliam at> wrote:
> > Here's a second draft, addressing several (not yet all) of the
> > concerns raised about the first.
>
> A few general comments:
> - Might be nice to number/letter/enumerate the items... so you can
>   point to specific parts without excessive quoting. 

Oh, good idea.

> - Is it worth noting ConsoleKit/udev rules here that would give privs
>   to local users that remote ones don't get?
> - Is it worth noting console users vs remote vs admin user types?

Another good point, I don't think we've touched on whether a remote user
can run {reboot,shutdown} yet.

> - Is dbus security worth mentioning? system vs session and what users
>   should be allowed, etc?
>
> > Privilege Escalation Policy (draft)
> ...snip... 
> > == Enforcement ==
> > 
> > The [[QA]] team will check packages known to be capable of privilege
> > escalation for their compliance with this policy, both through manual
> > examination and automated testing via the AutoQA project.
>
> Would it be worth having some kind of automated script that can find
> packages that might need scrutiny? i.e., anything with suid binaries,
> anything with polkit files, anything with consolehelper

If at all possible, I'd like to make use of for this.

> Sort of a critical path of security apps?
> Looks like Ubuntu has a pretty bare/skeleton policy at:
> A few things there might be worth adding here. 
> Anyhow, thanks for taking on this task!
> kevin

