Ticket #297 (closed task: fixed)
Please consider the idea of a security (privilege escalation) policy
Reported by: adamwill
Owned by:
Escalating this issue to FESCo per discussion in QA meetings. The PackageKit privilege escalation issue in Fedora 12 exposed the lack of any prescribed policy for dealing with privilege escalation in Fedora; this is currently left entirely to the packager's discretion. The advent of PolicyKit means that privilege escalation will likely become a much more common issue in future and a consistent policy for its use seems like a good idea. The QA group's perspective on this is that it is very hard to 'test' this aspect of security if we have nothing to test it _against_ (i.e. a definition of what apps should and shouldn't do in terms of privilege escalation).
Spot wrote a blog post about this, with a proposed bullet-point 'policy', which received much feedback: http://spot.livejournal.com/312216.html
Two discussions on the -devel list:
Security policy oversight needed? - https://www.redhat.com/archives/fedora-devel-list/2009-November/msg01125.html
Security testing: need for a security policy, and a security-critical package process - https://www.redhat.com/archives/fedora-devel-list/2009-November/msg01745.html
I did approach Fedora and Red Hat security teams about this issue and suggest the creation of a draft policy, but did not receive a response on this request. QA team doesn't feel qualified to actually draft out a policy, so we decided to file this ticket without one, and would like FESCo to consider whether such a policy should be created, and perhaps suggest someone or some group to help draft it.