Privilege escalation policy: third draft

Adam Williamson awilliam at
Fri Jan 29 19:57:35 UTC 2010

On Fri, 2010-01-29 at 13:41 -0500, Matthias Clasen wrote:
> On Thu, 2010-01-28 at 16:32 -0800, Adam Williamson wrote:
> >  Do yell if you think
> > something urgently needs to be changed before then. Thanks!
> > 
> Here is something that just came up internally, and that would probably
> be a worthwhile addition to your list of 'things to watch out for':
> Access control to devices is nowadays largely controlled by udev rules,
> and a package installing a bad set of rules can easily make a large
> chunk of your devices world-readable. 'udev rules' should be on the list
> of things to review.

That seems like an implementation-of-policy-compliance-testing issue and
not something that needs explicitly mentioning in the policy. But indeed
it's a useful note: changes in udev rules should be something rpmguard
looks for and something the security testing procedures cover. thanks!
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org

More information about the test mailing list