On Wed, Feb 10, 2010 at 05:19:59PM -0500, Tony Nelson wrote:
> On 10-02-10 15:48:39, Adam Williamson wrote:
> > Hi, all. So the privilege escalation policy went to FESco, who
> > suggested some minor tweaks and a final run-by the mailing lists 
> > before it gets approved.
> > 
> > I have now adjusted the draft -
> > https://fedoraproject.org/wiki/User:Adamwill/
> > Draft_Fedora_privilege_escalation_policy
> > - to reflect all feedback from this list and from FESco. It will be
> > reviewed again by FESco next week. Please raise any potential issues
> > or further suggestions for adjustments before then. Of course, even 
> > if the policy is accepted by FESCo it will not be set in stone and
> > changes and exceptions can be added in future as appropriate, but I'd
> > like to have it as good as possible at first :) thanks all!
> 
> "Directly read or write directly to or from system memory" has an extra 
> (or out of order) "directly".

It's also going to be tricky to run any programs if they can't access
the memory in the system.  Can the definition be tightened up --
eg. "kernel memory and memory-mapped devices" or "memory other than
userspace pages allocated to the current user"?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Reply via email to