1 |
> > |
2 |
> > How about uncommenting a line that does so. All you are buying into is |
3 |
> > a default setup. |
4 |
> |
5 |
> App authors don't ship configs like that though. Does apt ship a sudo |
6 |
> config? Does anything? |
7 |
|
8 |
Perhaps you missed my opening message on this topic, except it was in |
9 |
your first reply. |
10 |
|
11 |
__________________________________________________________________ |
12 |
|
13 |
I remember reading a while back that distros had some blunders in |
14 |
writing secure sudoers files and so it was emptied. Is that true? |
15 |
|
16 |
I still ascert that apps adding groups with NOPASSWD sudoers lines |
17 |
perhaps even commented out by default in all or some cases is far |
18 |
better than polkit for many reasons. Any counter argument can apply |
19 |
to sudo too and rather easily. |
20 |
____________________________________________________________________ |
21 |
|
22 |
> The nice thing about (really dbus, not so much polkit per se) is that |
23 |
> I can offer a nice API for applications that is not command line |
24 |
> based. No parsing strings, no 'oh this tool writes to stderr, that one |
25 |
> writes to stdout, I need to ignore these lines...) |
26 |
> |
27 |
|
28 |
What is wrong with sed and you can simply echo files in some sudoers.d |
29 |
config. What kind of unix dev cannot handle text strings. |
30 |
|
31 |
That is one of the problems with it too, especially if polkit becomes |
32 |
over used and perhaps this is below the belt but it's certainly true |
33 |
that IPC has caused Android more than enough security issues. |
34 |
|
35 |
> > |
36 |
> >> I don't understand 'the APIs that coders will learn instead of C.' Can |
37 |
> >> you elaborate? Polkit has a C api... |
38 |
> >> |
39 |
> > |
40 |
> > It has an api that is simply not needed? Small tools are better. |
41 |
> |
42 |
> You prefer the commandline api? (one byte for return values, half of |
43 |
> which are signals) |
44 |
> |
45 |
|
46 |
What's the problem there?. I have already stated some of the very |
47 |
important benefits. |
48 |
|
49 |
> > |
50 |
> >> I don't understand how the code will 'not be well designed to the |
51 |
> >> application at hand.' I mean ideally the API and the CLI are |
52 |
> >> essentially just wrappers around the same library of functions. |
53 |
> >> |
54 |
> > |
55 |
> > If you search for sites that evaluate polkit you will see that it is |
56 |
> > considered to encourage granting more permissions than necessary rather |
57 |
> > than coding a specific tool. |
58 |
> |
59 |
> Hah, because no one uses sudo to grant extraordinarily broad permissions. |
60 |
> |
61 |
|
62 |
They do, but it encourages them not to and not vice versa and they can |
63 |
easily customise the default rule to say emerge -moresecurethandefault |
64 |
|
65 |
Win Win and a couple more Wins in fact |
66 |
|
67 |
> > |
68 |
> >> Its unclear how polkit is 'hard'. Now it *is* new, and I will concede |
69 |
> >> you will have to read some manpages. However i don't think the |
70 |
> >> concepts are difficult. |
71 |
> > |
72 |
> > Man pages won't help with polkit and it actually generally ships with no |
73 |
> > configs by default. |
74 |
> |
75 |
> In Ubuntu Precise.. |
76 |
|
77 |
You still have to do way more than commenting or editing a file to |
78 |
restrict the default further, aka it's unlikely to happen. |
79 |
|
80 |
> |
81 |
> All of this is explained in man polkit. |
82 |
> |
83 |
|
84 |
And pkauthority and and .... How will that help when as I have |
85 |
mentioned a coders comments aren't even sure exactly what the code |
86 |
permits. |
87 |
|
88 |
> > |
89 |
> > I know about pkaction, the problem is that the actions tells you next to |
90 |
> > nothing about what is actually allowed. I haven't time to dig out one |
91 |
> > of the rediculous comments from the source now unfortunately. With |
92 |
> > small tools it's much better all round. |
93 |
> |
94 |
> Really? Please enumerate what giving someone access to 'emerge' can do. |
95 |
> |
96 |
|
97 |
Exactly, you see man emerge and grepping the source does work perfectly |
98 |
well there. You could make myemerge pretty quick too. |
99 |
|
100 |
|
101 |
> |
102 |
> No one maintains the sudo wrappers though. Someone maintains the |
103 |
> polkit actions. That someone also happens to be the upstream author. |
104 |
> |
105 |
|
106 |
That's what I am asking, is there any reason not to as it would be |
107 |
better? No reason has come up yet? |
108 |
|
109 |
|
110 |
> > |
111 |
> >> Is the polkit maintain any less 'trustworthy' than the gnome |
112 |
> >> maintainers? the kde maintainers? the kernel maintainers? At the end |
113 |
> >> of the day my machines are running software from thousands of |
114 |
> >> contributors. |
115 |
> >> |
116 |
> > |
117 |
> > I think that has been demonstrated and we are talking about root code |
118 |
> > and sudo is never running as such. |
119 |
> |
120 |
> I don't follow... |
121 |
> |
122 |
|
123 |
It is certainly far easier to exploit polkit than sudo with a decent |
124 |
sudoers of course for multiple reasons. |
125 |
|
126 |
|
127 |
|
128 |
-- |
129 |
_______________________________________________________________________ |
130 |
|
131 |
'Write programs that do one thing and do it well. Write programs to work |
132 |
together. Write programs to handle text streams, because that is a |
133 |
universal interface' |
134 |
|
135 |
(Doug McIlroy) |
136 |
_______________________________________________________________________ |