Initial draft of privilege escalation policy

James Laska jlaska at redhat.com
Fri Jan 22 13:43:32 UTC 2010


On Thu, 2010-01-21 at 22:22 -0700, Kevin Fenzi wrote:
> On Thu, 21 Jan 2010 15:17:54 -0800
> Adam Williamson <awilliam at redhat.com> wrote:
> 
> > Here's a second draft, addressing several (not yet all) of the
> > concerns raised about the first.
> 
> A few general comments: 
> 
> - Might be nice to number/letter/enumerate the items... so you can
>   point to specific parts without excessive quoting. 

Oh, good idea.

> - Is it worth noting ConsoleKit/udev rules here that would give privs
>   to local users that remote ones don't get?
> 
> - Is it worth noting console users vs remote vs admin user types?

Another good point, I don't think we've touched on whether a remote user
can run {reboot,shutdown} yet.

> - Is dbus security worth mentioning? system vs session and what users
>   should be allowed, etc?
> 
> > Privilege Escalation Policy (draft)
> ...snip... 
> > == Enforcement ==
> > 
> > The [[QA]] team will check packages known to be capable of privilege
> > escalation for their compliance with this policy, both through manual
> > examination and automated testing via the AutoQA project.
> 
> Would it be worth having some kind of automated script that can find
> packages that might need scrutiny? i.e., anything with suid binaries,
> anything with polkit files, anything with consolehelper

If at all possible, I'd like to make use of
https://fedorahosted.org/sectool for this.

> Sort of a critical path of security apps?
> 
> Looks like Ubuntu has a pretty bare/skeleton policy at: 
> https://wiki.ubuntu.com/SecurityPolicy
> A few things there might be worth adding here. 
> 
> Anyhow, thanks for taking on this task!
> 
> kevin
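
One way to implement the automated check suggested above (setuid binaries, polkit files, consolehelper), as an added example that is not part of the original thread and is not sectool or AutoQA code. It assumes each package's payload has been unpacked into its own directory under one base directory; the function names and the directory conventions it checks are assumptions.

```python
import os
import stat
import sys

# Assumed layout conventions (not stated in the thread): polkit action files
# and consolehelper app configs live in these directories inside a package.
POLKIT_DIRS = ("usr/share/polkit-1/actions", "usr/share/PolicyKit/policy")
CONSOLE_APPS_DIR = "etc/security/console.apps"


def scan_tree(root):
    """Scan one unpacked package payload; return {reason: [relative paths]}."""
    hits = {"setuid/setgid": [], "polkit": [], "consolehelper": []}
    for dirpath, _dirs, files in os.walk(root):  # does not follow dir symlinks
        rel_dir = os.path.relpath(dirpath, root)
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name))
            mode = os.lstat(full).st_mode  # lstat: judge the link, not its target
            if stat.S_ISLNK(mode):
                # consolehelper-wrapped tools are symlinks to the consolehelper binary
                if os.path.basename(os.readlink(full)) == "consolehelper":
                    hits["consolehelper"].append(rel)
            elif stat.S_ISREG(mode):
                if mode & (stat.S_ISUID | stat.S_ISGID):
                    hits["setuid/setgid"].append(rel)
                if rel_dir in POLKIT_DIRS and name.endswith(".policy"):
                    hits["polkit"].append(rel)
                if rel_dir == CONSOLE_APPS_DIR:
                    hits["consolehelper"].append(rel)
    return {reason: sorted(paths) for reason, paths in hits.items() if paths}


def packages_needing_scrutiny(base):
    """base holds one directory per unpacked package; return {package: hits}."""
    report = {}
    for pkg in sorted(os.listdir(base)):
        pkg_root = os.path.join(base, pkg)
        if os.path.isdir(pkg_root):
            hits = scan_tree(pkg_root)
            if hits:
                report[pkg] = hits
    return report


if __name__ == "__main__":
    for pkg, hits in packages_needing_scrutiny(sys.argv[1] if sys.argv[1:] else ".").items():
        print(pkg, hits)
```

Packages absent from the report had none of the three markers; the ones listed are the candidates for manual review against the policy.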
