 
02-10-2010, 07:48 PM
Adam Williamson

Final (hopefully) privilege escalation policy draft

Hi, all. So the privilege escalation policy went to FESco, who suggested
some minor tweaks and a final run-by the mailing lists before it gets
approved.

I have now adjusted the draft -
https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy - to reflect all feedback from this list and from FESco. It will be reviewed again by FESco next week. Please raise any potential issues or further suggestions for adjustments before then. Of course, even if the policy is accepted by FESCo it will not be set in stone and changes and exceptions can be added in future as appropriate, but I'd like to have it as good as possible at first. Thanks all!
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
02-10-2010, 09:19 PM
Tony Nelson

Final (hopefully) privilege escalation policy draft

On 10-02-10 15:48:39, Adam Williamson wrote:
> Hi, all. So the privilege escalation policy went to FESco, who
> suggested some minor tweaks and a final run-by the mailing lists
> before it gets approved.
>
> I have now adjusted the draft -
> https://fedoraproject.org/wiki/User:Adamwill/
> Draft_Fedora_privilege_escalation_policy
> - to reflect all feedback from this list and from FESco. It will be
> reviewed again by FESco next week. Please raise any potential issues
> or further suggestions for adjustments before then. Of course, even
> if the policy is accepted by FESCo it will not be set in stone and
> changes and exceptions can be added in future as appropriate, but I'd
> like to have it as good as possible at first. Thanks all!

"Directly read or write directly to or from system memory" has an extra
(or out of order) "directly".

--
____________________________________________________________________
TonyN.:' <mailto:tonynelson@georgeanelson.com>
' <http://www.georgeanelson.com/>

 
02-10-2010, 11:58 PM
Adam Williamson

Final (hopefully) privilege escalation policy draft

On Wed, 2010-02-10 at 17:19 -0500, Tony Nelson wrote:

> "Directly read or write directly to or from system memory" has an extra
> (or out of order) "directly".

sigh. thanks.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

 
02-11-2010, 08:48 AM
Tim Waugh

Final (hopefully) privilege escalation policy draft

On Wed, 2010-02-10 at 12:48 -0800, Adam Williamson wrote:
> I have now adjusted the draft -
> https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy - to reflect all feedback from this list and from FESco. It will be reviewed again by FESco next week. Please raise any potential issues or further suggestions for adjustments before then. Of course, even if the policy is accepted by FESCo it will not be set in stone and changes and exceptions can be added in future as appropriate, but I'd like to have it as good as possible at first. Thanks all!

==>
In practice, packages which provide one or more of:

* setuid binaries
* PolicyKit policies
* consolehelper configurations
* udev rules

are likely to be affected by this policy
<==

Shouldn't

* D-Bus services on the system bus

be listed there, to make sure that /etc/dbus-1/system.d/*.conf files are
sane? It's just that it is quite a commonly used mechanism.

This was brought up in discussion of one of the first drafts, IIRC, so
perhaps it is intentionally omitted..?

Tim.
 
02-11-2010, 09:21 AM
drago01

Final (hopefully) privilege escalation policy draft

On Wed, Feb 10, 2010 at 11:19 PM, Tony Nelson
<tonynelson@georgeanelson.com> wrote:
> On 10-02-10 15:48:39, Adam Williamson wrote:
>> Hi, all. So the privilege escalation policy went to FESco, who
>> suggested some minor tweaks and a final run-by the mailing lists
>> before it gets approved.
>>
>> I have now adjusted the draft -
>> https://fedoraproject.org/wiki/User:Adamwill/
>> Draft_Fedora_privilege_escalation_policy
>> - to reflect all feedback from this list and from FESco. It will be
>> reviewed again by FESco next week. Please raise any potential issues
>> or further suggestions for adjustments before then. Of course, even
>> if the policy is accepted by FESCo it will not be set in stone and
>> changes and exceptions can be added in future as appropriate, but I'd
>> like to have it as good as possible at first. Thanks all!
>
> "Directly read or write directly to or from system memory" has an extra
> (or out of order) "directly".

How exactly is "system memory" defined? The term seems rather vague to me ...
 
02-11-2010, 12:32 PM
"Richard W.M. Jones"

Final (hopefully) privilege escalation policy draft

On Wed, Feb 10, 2010 at 05:19:59PM -0500, Tony Nelson wrote:
> On 10-02-10 15:48:39, Adam Williamson wrote:
> > Hi, all. So the privilege escalation policy went to FESco, who
> > suggested some minor tweaks and a final run-by the mailing lists
> > before it gets approved.
> >
> > I have now adjusted the draft -
> > https://fedoraproject.org/wiki/User:Adamwill/
> > Draft_Fedora_privilege_escalation_policy
> > - to reflect all feedback from this list and from FESco. It will be
> > reviewed again by FESco next week. Please raise any potential issues
> > or further suggestions for adjustments before then. Of course, even
> > if the policy is accepted by FESCo it will not be set in stone and
> > changes and exceptions can be added in future as appropriate, but I'd
> > like to have it as good as possible at first. Thanks all!
>
> "Directly read or write directly to or from system memory" has an extra
> (or out of order) "directly".

It's also going to be tricky to run any programs if they can't access
the memory in the system. Can the definition be tightened up --
eg. "kernel memory and memory-mapped devices" or "memory other than
userspace pages allocated to the current user"?

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
 
02-11-2010, 02:16 PM
Till Maas

Final (hopefully) privilege escalation policy draft

On Wed, Feb 10, 2010 at 12:48:39PM -0800, Adam Williamson wrote:

> I have now adjusted the draft -
> https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy - to reflect all feedback from this list and from FESco. It will be reviewed again by FESco next week. Please raise any potential issues or further suggestions for adjustments before then. Of course, even if the policy is accepted by FESCo it will not be set in stone and changes and exceptions can be added in future as appropriate, but I'd like to have it as good as possible at first. Thanks all!

I added /dev/shm to the list of directories a user may write to. I
believe there was also an item about writing to user mounted
file systems, e.g. if a usb device is mounted at /media/disk, but it
seems to be gone.

Regards
Till
 
02-11-2010, 06:02 PM
Adam Williamson

Final (hopefully) privilege escalation policy draft

On Thu, 2010-02-11 at 13:32 +0000, Richard W.M. Jones wrote:
> On Wed, Feb 10, 2010 at 05:19:59PM -0500, Tony Nelson wrote:
> > On 10-02-10 15:48:39, Adam Williamson wrote:
> > > Hi, all. So the privilege escalation policy went to FESco, who
> > > suggested some minor tweaks and a final run-by the mailing lists
> > > before it gets approved.
> > >
> > > I have now adjusted the draft -
> > > https://fedoraproject.org/wiki/User:Adamwill/
> > > Draft_Fedora_privilege_escalation_policy
> > > - to reflect all feedback from this list and from FESco. It will be
> > > reviewed again by FESco next week. Please raise any potential issues
> > > or further suggestions for adjustments before then. Of course, even
> > > if the policy is accepted by FESCo it will not be set in stone and
> > > changes and exceptions can be added in future as appropriate, but I'd
> > > like to have it as good as possible at first. Thanks all!
> >
> > "Directly read or write directly to or from system memory" has an extra
> > (or out of order) "directly".
>
> It's also going to be tricky to run any programs if they can't access
> the memory in the system. Can the definition be tightened up --
> eg. "kernel memory and memory-mapped devices" or "memory other than
> userspace pages allocated to the current user"?

Please read the preamble. It specifically (almost painfully) explains
the meaning of the word 'directly' and the key phrase 'cause to be
excepted provision waived'. When the user runs a program which accesses
memory, that's fine - that's 'cause to be performed'. What the provision
is attempting to disallow is the user directly examining or modifying
the contents of memory. I can make it less restrictive if this is still
desired, though. (It's something of a distinction without a difference
at present, because a user could of course write a program which runs
from their own space which then...accesses memory to which the user is
permitted access).
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

 
02-11-2010, 06:06 PM
Adam Williamson

Final (hopefully) privilege escalation policy draft

On Thu, 2010-02-11 at 16:16 +0100, Till Maas wrote:
> On Wed, Feb 10, 2010 at 12:48:39PM -0800, Adam Williamson wrote:
>
> > I have now adjusted the draft -
> > https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy - to reflect all feedback from this list and from FESco. It will be reviewed again by FESco next week. Please raise any potential issues or further suggestions for adjustments before then. Of course, even if the policy is accepted by FESCo it will not be set in stone and changes and exceptions can be added in future as appropriate, but I'd like to have it as good as possible at first. Thanks all!
>
> I added /dev/shm to the list of directories a user may write to. I
> believe there was also an item about writing to user mounted
> file systems, e.g. if a usb device is mounted at /media/disk, but it
> seems to be gone.

Added.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

 
02-11-2010, 06:06 PM
Adam Williamson

Final (hopefully) privilege escalation policy draft

On Thu, 2010-02-11 at 09:48 +0000, Tim Waugh wrote:

> Shouldn't
>
> * D-Bus services on the system bus
>
> be listed there, to make sure that /etc/dbus-1/system.d/*.conf files are
> sane? It's just that it is quite a commonly used mechanism.
>
> This was brought up in discussion of one of the first drafts, IIRC, so
> perhaps it is intentionally omitted..?

No, it probably just got lost in the shuffle. Added. Thanks.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

 
