Ticket #297 (closed task: fixed)

Opened 4 years ago

Last modified 4 years ago

Please consider the idea of a security (privilege escalation) policy

Reported by: adamwill
Owned by:
Priority: major
Keywords: writeup
Cc: jlaska
Blocked By:
Blocking:

Description

Escalating this issue to FESCo per discussion in QA meetings. The PackageKit privilege escalation issue in Fedora 12 exposed the lack of any prescribed policy for dealing with privilege escalation in Fedora; this is currently left entirely to the packager's discretion. The advent of PolicyKit means that privilege escalation will likely become a much more common issue in future and a consistent policy for its use seems like a good idea. The QA group's perspective on this is that it is very hard to 'test' this aspect of security if we have nothing to test it _against_ (i.e. a definition of what apps should and shouldn't do in terms of privilege escalation).

Reference material:

Spot wrote a blog post about this, with a proposed bullet-point 'policy', which received much feedback: http://spot.livejournal.com/312216.html

Two discussions on the -devel list:

  • Security policy oversight needed? - https://www.redhat.com/archives/fedora-devel-list/2009-November/msg01125.html
  • Security testing: need for a security policy, and a security-critical package process - https://www.redhat.com/archives/fedora-devel-list/2009-November/msg01745.html

I did approach Fedora and Red Hat security teams about this issue and suggest the creation of a draft policy, but did not receive a response on this request. QA team doesn't feel qualified to actually draft out a policy, so we decided to file this ticket without one, and would like FESCo to consider whether such a policy should be created, and perhaps suggest someone or some group to help draft it.

Change History

comment:1 Changed 4 years ago by jlaska

  • Cc jlaska added

comment:2 Changed 4 years ago by kevin

  • Keywords meeting added

Setting the meeting keyword here so we at least discuss it at the next meeting.

Would anyone like to take the lead here in drafting a policy? Perhaps using spot's checklist as an outline?

Does RHEL have such a policy? Could we take that and adapt it? Do other distros have policies we could look at?

comment:3 Changed 4 years ago by kevin

I didn't change the CC for this trac instance before my last comment. Hopefully it will take now. :)

To repeat:

Setting the meeting keyword here so we at least discuss it at the next meeting.

Would anyone like to take the lead here in drafting a policy? Perhaps using spot's checklist as an outline?

Does RHEL have such a policy? Could we take that and adapt it? Do other distros have policies we could look at?

comment:4 Changed 4 years ago by kevin

  • Keywords writeup added; meeting removed

This was approved at the 2010-02-16 meeting.

Adam: Can you mail devel-announce and add it into the wiki? Let me know if you would like me to do any of that.

comment:5 Changed 4 years ago by kevin

  • Resolution set to fixed
  • Status changed from new to closed

This was announced and put in place. Closing now.
