News and Editorials
By Jake Edge
February 3, 2010
Back in November, when Fedora 12 was released, there was something of an uproar over a new feature that
allowed unprivileged package installation. While there are differing
opinions on how sensible it was to add that feature, Fedora developers
would much rather argue about that before a release is
made—rather than shortly after, as happened with Fedora 12. To that
end, Adam Williamson has been drafting a "Fedora
privilege escalation policy" that seeks to clearly identify the types
of package
behavior that should either be avoided for unprivileged users, or undergo
more thorough review.
There are two principles to guide the policy, which essentially
encapsulate the
idea that unprivileged users should not be able to "break" things for other
users:
An unprivileged user without administrative authentication must not be able to change the behavior of the system "as a whole" (as viewed by other users or by network clients), unless the system behavior is intended to be dependent on the actions of the unprivileged user.

An unprivileged user without administrative authentication must not be able to bypass or override other users' reasonable expectation of privacy of their data, where "reasonable" is limited by what computers can do, what Linux can express, AND explicit actions by the "other user" to configure access permissions.
The policy then gives examples of package elements that are likely to make
a package subject to the policy, such as setuid programs, PolicyKit
policies, or udev rules. It also lists nearly two dozen
actions that should only be allowed for privileged users. Privileged
users, for the purposes of the policy, are those that authenticate with the
root password, use sudo if that is configured by the
administrator, or are the first user account added—without an additional
password check—for approved Fedora spins that grant administrative
privileges to that account. The latter is in keeping with the idea of a
"desktop spin" that would be targeted at single-user systems, where the
user and the administrator are one and the same.
The list of privileged-only actions is fairly comprehensive. Earlier
drafts, like one posted to the fedora-testers mailing list, were discussed,
and additions and wording changes were made as a result. One somewhat
puzzling omission is the ability to upgrade an installed package. Though it
appears as a privileged operation in an earlier draft announced on
fedora-devel, that was an oversight, which Williamson corrected. The
PackageKit policy for Fedora 12 allows unprivileged upgrades, and the intent
is to continue that policy.
Allowing unprivileged upgrades, while much less potentially dangerous than the original
Fedora 12 policy, still has its share of pitfalls. Allowing regular users
the ability to upgrade assumes that security vulnerabilities are not
introduced in package upgrades. It may also run counter to an
administrator's policies as Davide Cescato points
out in a comment on the original Fedora 12 bug:
On the machine I maintain there are currently a couple of updates that I do not
want to carry out, since I know that they lead to regressions or undesired side
effects. I can as well think of an administrator who only wants to perform
security updates, or of an administrator who prefers to pick updates
selectively. In such cases, a local user who performs all available updates
effectively "spoils" the administrator's work.
Overall, though, the policy is well thought-out and covers the kinds of
problems that new or updated packages might cause. There has been some
resistance to the enforcement and approval
elements of the policy, but that
seems to be based on a misunderstanding. The intent of the policy is that
new mechanisms which affect privileges need review, not new users of
existing mechanisms (such as PolicyKit, kdesu, etc.). As Miloslav
Trmač put it:
You are not required to announce / ask for approval of every new DBus
server - but if you want to introduce another program that allows
running something as root (new DBus, new sudo, ...), _that_ requires
approval / announcement of changes.
The purpose of these announcements is to allow the QA team and people
working on Fedora security to maintain a list of such mechanisms. If
the QA team or someone working on security knows there is userhelper or
DBus, they can search for packages that use it, and check the
configuration of the packages, do code reviews etc. If they don't know
about the mechanism, they can't check the users of the mechanism are
secure.
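The policy's list of package elements that trigger review (setuid programs, PolicyKit policies, udev rules) and Trmač's point that reviewers want to search packages for users of a known mechanism both suggest a mechanical first pass. What follows is an added example, not code from the article or from Fedora's QA tooling: it scans an "rpm -qlv"-style file listing (the sample listing is constructed) and flags payload entries that carry setuid/setgid bits or install into the directories where PolicyKit, udev, the D-Bus system bus, sudo and userhelper pick up configuration. Those directory prefixes are assumptions about the usual install locations, not something the article specifies.

```python
"""Flag payload elements the draft policy says need review (added example,
not part of the article or of Fedora tooling). Input is 'ls -l'-style text
such as 'rpm -qlv' prints; the directory prefixes are assumed locations."""
import re
# Mechanisms named in the discussion, keyed by where a package drops a new
# user of that mechanism (assumed standard install paths).
MECHANISM_PREFIXES = {
    "PolicyKit": ("/usr/share/polkit-1/actions/", "/etc/polkit-1/"),
    "udev": ("/lib/udev/rules.d/", "/etc/udev/rules.d/"),
    "D-Bus system bus": ("/etc/dbus-1/system.d/", "/usr/share/dbus-1/system-services/"),
    "sudo": ("/etc/sudoers.d/",),
    "userhelper/consolehelper": ("/etc/security/console.apps/",),
}
# Fields: mode, links, owner, group, size, date (skipped lazily), path.
LINE_RE = re.compile(r"^(?P<mode>[-dlcbps][rwxsStT-]{9})\s+\d+\s+\S+\s+\S+"
                     r"\s+\d+\s+.+?\s+(?P<path>/\S+)$")

def classify(line):
    """Return (path, flags) for one listing line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    mode, path = m.group("mode"), m.group("path")
    flags = []
    if mode[3] in "sS":   # setuid bit shows in the owner-execute column
        flags.append("setuid")
    if mode[6] in "sS":   # setgid bit shows in the group-execute column
        flags.append("setgid")
    flags += [mech for mech, pre in MECHANISM_PREFIXES.items()
              if path.startswith(pre)]
    return path, flags

def review_package(listing):
    """Map every path that needs announcement/review to its flags."""
    findings = {}
    for line in listing.splitlines():
        parsed = classify(line)
        if parsed and parsed[1]:
            findings[parsed[0]] = parsed[1]
    return findings

# Constructed listing for a fictitious package, not a real Fedora package.
SAMPLE_LISTING = """\
-rwsr-xr-x 1 root root 23456 Jan 31 2010 /usr/sbin/foo-helper
-rw-r--r-- 1 root root   789 Jan 31 2010 /usr/share/polkit-1/actions/org.example.foo.policy
-rw-r--r-- 1 root root   120 Jan 31 2010 /lib/udev/rules.d/70-foo.rules
-rw-r--r-- 1 root root   654 Jan 31 2010 /usr/share/doc/foo/README
"""
FINDINGS = review_package(SAMPLE_LISTING)   # the README is not flagged
```

A hit only means the package introduces or uses one of the listed mechanisms and so falls under the announcement rule; whether the setuid helper or the PolicyKit action is actually safe still needs the code review Trmač describes.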
As a set of guidelines to help packagers, testers, and reviewers, the
proposed policy is quite useful. Williamson plans to present the draft to
the Fedora board at its meeting on February 9, so it may become Fedora
policy in the very near future. Beyond that, though, it would also be a
good starting point for other distributions that are considering policies
to help tighten up the security of their packages.
New Releases
The Debian project has announced the fourth update of its stable distribution Debian GNU/Linux 5.0 (codename "lenny"). "This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Please note that this update does not constitute a new version of Debian GNU/Linux 5.0 but only updates some of the packages included."
The first openSUSE 11.3 Milestone release is available for testing. "This is the first step toward the next openSUSE release. The most important goal of this first milestone is to test the build interactions between newly added features in openSUSE Factory, also known as "get the snapshot to build". It is in no way feature complete or ready for daily usage. There is no code freeze for any component yet, so many major changes are still to come."
The Openwall Project has posted some announcements. Fresh ISO images
and pre-created OpenVZ container templates of Owl-current for x86 and
x86-64 are available. Also, Martin F. Krafft has adopted the passwdqc Debian
package and brought it up to date.
A build of Tiny Core Linux for XO-1 and XO-1.5 (based on OLPC build 802 and
os108) has been announced. This build is based on the Tiny Core 2.8
microcore variant and uses the OLPC kernel for hardware support.
The Ubuntu team has announced the release of Ubuntu 8.04.4 LTS, the fourth maintenance update to Ubuntu's 8.04 LTS release. "This release includes updated server, desktop, and alternate installation CDs for the i386 and amd64 architectures. Ubuntu 8.04 LTS continues to be maintained through 2011 for desktops and 2013 for servers through online updates, but this is the final maintenance release of 8.04 LTS."
Distribution News
Debian GNU/Linux
Debian policy 3.8.4.0 has been uploaded; the announcement lists the changes.
Mandriva Linux
Frederik Himpe covers some recent changes in Mandriva development. "Linux kernel 2.6.33 rc6 is now the default kernel in Mandriva Cooker. In this kernel, the anticipatory I/O scheduler has been removed, and there were again various performance improvements to the CFQ I/O scheduler, which is the default already for a long time. There were also different performance improvements to KVM virtualization (such as improved kernel context switching speed and IRQ scaling). There are power saving improvements in the Intel i915 driver (render standby and LVDS downclock, the latter being disabled by default for now), a new driver supporting VMware's paravirtualized SCSI device, better support for ALPS DualPoint touchpad/trackpoint on some Dell laptops, and many other improvements to hardware support."
Mandriva has announced the launch of a new website for its Brazilian subsidiary: www.mandriva.com/br. "With www.mandriva.com/br, Brazilians will be able to download Mandriva Linux free solutions, and buy Mandriva Linux's products and goodies on the Mandriva Online Store. You will find: videos and detailed features, information on training courses, contributions to Mandriva. Each visitor can create their very own Mandriva account, access Mandriva forums and community resources, as well as our web-support contact details."
Ubuntu family
Ubuntu community manager Jono Bacon writes about a software stack that is geared towards "opportunistic developers" on his blog. The stack is based on Python and GNOME, using GTK, GStreamer, Glade, and DesktopCouch. Ubuntu developers have been adding tools like Quickly and Ground Control to integrate it more closely with features like Launchpad, Bazaar, and Personal Package Archives. "We have been seeing a growing movement inside the Ubuntu community in helping to make Ubuntu a rocking platform for opportunistic developers. While all the components are Open Source and can be shipped on any distribution, I am really keen for Ubuntu to really optimize and integrate around the needs of opportunistic programmers and I just wanted to highlight some of the work that has happened here."
The latest initiative by the Ubuntu Women Project is a contest to collect "How I discovered Ubuntu" stories written by women. The winner will be announced on March 8th, International Women's Day. "One of the goals of this initiative is to try and answer the "How can I get $woman to use Ubuntu?" question that we often get by demonstrating that there is no single answer for it. Women get involved and interested in Ubuntu for all kinds of reasons, and without knowing anything about her there is really no way to know what specific spark will get her interested in involvement. (For what it's worth, a much better question is "$woman is interested in $subject and is tied to Windows for $reason but doesn't like it for $another_reason, she currently uses her computer for $thing0 and $thing1, do you have any suggestions as to how I can try and convert her to Ubuntu?")"
Distribution Newsletters
The DistroWatch Weekly for February 1, 2010 is out. "User-friendliness of computer operating systems is something that gets often discussed in open-source software circles. But adding features that are designed to attract more new users isn't always viewed positively in some hard-core geek communities. This week's feature story examines a case of a developer who was met with a hostile reception when he tried to present his easy-to-use live CD to an unforgiving group of OpenBSD hackers. In the news section, Sun Microsystems closes its corporate web site, but what does that mean for some of its popular products? Also in this week's issue, we investigate the idea of converting the ext3 file system to the newer ext4, take a look at Ubuntu's controversial deal with Yahoo, and link to an article that reveals a little-known, but useful Mandriva feature. All this and more in this week's issue of DistroWatch Weekly - happy reading!"
The Fedora Weekly News for January 31, 2010 is out. "Our issue kicks
off with a couple development announcements related to the Fedora 13
Feature Freeze last week for Feature and Spin submissions.
In news from the Fedora Planet, several posts about opensource.com,
coverage of a "State of the Union" from Red Hat's Jim Whitehurst,
progress on Máirín Duffy's Inkspace course to a Boston area
middle school, coverage of a discussion around Fedora's goals from several
Fedora Project leaders, and enthusiasm for Gource, "an amazing program
for visualizing commit history in a git-based code project." In
Ambassador news, an event report for the Cerea Fair contributed by
several people from Italy that drew 20,000, including blog postings and
photos. In news from the Design team, details on preparation for Fedora
13 Alpha, with upcoming decisions this week on Fedora 13 wallpaper, and
coverage of some ideas for Fedora 13 overall designs. The Security
Advisories beat brings us current with last week's Fedora 11 and 12
security patches. We hope you enjoy FWN 211!"
This issue of the openSUSE Weekly News covers:
* openSUSE News: Wanted: Linux Community Manager
* Sirko Kemter: Art-Team meeting
* Worldlabel.com/Dmitri Popov: OpenOffice.org Extensions for Business Users
* Ben Kevan: Installing KDE 4.4 RC2 on openSUSE and Kubuntu Linux
* LinuxFoundation: Sign Up for the Free Linux Training Webinar Series
The Ubuntu Weekly Newsletter for January 30, 2010 is out. "In this issue we cover: Contribute with Ubuntu One Bug Day, Lucid changes to Firefox default search provider, Announcement: Ubuntu Server update for Lucid Alpha3, Interview With Ubuntu Manual Project Leader Ben Humphrey, Ubuntu Honduras, Back up old sources from PPA's, Improved Bug Patch Notifications, Getting your code into Launchpad, Ubuntu Developer Week Recap, Canonical Voices, Ubuntu Community Learning Project Update, NZ school ditches Microsoft and goes totally open source, Full Circle Magazine #33, and much, much more!"
Newsletters and articles of interest
Martin Krafft covers the Distrosummit at linux.conf.au. "The theme of the day was cross-distro collaboration, and we started the day a little bit on the Debian-side with Lucas Nussbaum telling us about quality assurance in Debian, alongside an overview of available resources. We hoped to give people from other distros pointers, and solicit feedback that would enable us to tie quality assurance closer together."
Bruce Byfield looks at Fedora and Ubuntu. "In the last five years, both Fedora and Ubuntu have attracted large and rapidly growing communities, often governed by codes of conduct and having their own in-person meetings -- FUDCon for Fedora and the Ubuntu Developer Summit for Ubuntu. Members of both are also active in other free and open source software meetings, especially GNOME's GUADEC. In short, Fedora and Ubuntu have evolved surprisingly similar structures. The main difference lies in their goals: Ubuntu aims to provide "an open-source alternative to Windows and Office," and is currently focusing on usability improvements, while Fedora's goal is to create "a Linux-based operating system that showcases the latest in free and open source software.""
Page editor: Rebecca Sobol