| 1 |
> > |
| 2 |
> > How about uncommenting a line that does so. All you are buying into is |
| 3 |
> > a default setup. |
| 4 |
> |
| 5 |
> App authors don't ship configs like that though. Does apt ship a sudo |
| 6 |
> config? Does anything? |
| 7 |
|
| 8 |
Perhaps you missed my opening message on this topic, except it was in |
| 9 |
your first reply. |
| 10 |
|
| 11 |
__________________________________________________________________ |
| 12 |
|
| 13 |
I remember reading a while back that distros had some blunders in |
| 14 |
writing secure sudoers files and so it was emptied. Is that true? |
| 15 |
|
| 16 |
I still ascert that apps adding groups with NOPASSWD sudoers lines |
| 17 |
perhaps even commented out by default in all or some cases is far |
| 18 |
better than polkit for many reasons. Any counter argument can apply |
| 19 |
to sudo too and rather easily. |
| 20 |
____________________________________________________________________ |
| 21 |
|
| 22 |
> The nice thing about (really dbus, not so much polkit per se) is that |
| 23 |
> I can offer a nice API for applications that is not command line |
| 24 |
> based. No parsing strings, no 'oh this tool writes to stderr, that one |
| 25 |
> writes to stdout, I need to ignore these lines...) |
| 26 |
> |
| 27 |
|
| 28 |
What is wrong with sed and you can simply echo files in some sudoers.d |
| 29 |
config. What kind of unix dev cannot handle text strings. |
| 30 |
|
| 31 |
That is one of the problems with it too, especially if polkit becomes |
| 32 |
over used and perhaps this is below the belt but it's certainly true |
| 33 |
that IPC has caused Android more than enough security issues. |
| 34 |
|
| 35 |
> > |
| 36 |
> >> I don't understand 'the APIs that coders will learn instead of C.' Can |
| 37 |
> >> you elaborate? Polkit has a C api... |
| 38 |
> >> |
| 39 |
> > |
| 40 |
> > It has an api that is simply not needed? Small tools are better. |
| 41 |
> |
| 42 |
> You prefer the commandline api? (one byte for return values, half of |
| 43 |
> which are signals) |
| 44 |
> |
| 45 |
|
| 46 |
What's the problem there?. I have already stated some of the very |
| 47 |
important benefits. |
| 48 |
|
| 49 |
> > |
| 50 |
> >> I don't understand how the code will 'not be well designed to the |
| 51 |
> >> application at hand.' I mean ideally the API and the CLI are |
| 52 |
> >> essentially just wrappers around the same library of functions. |
| 53 |
> >> |
| 54 |
> > |
| 55 |
> > If you search for sites that evaluate polkit you will see that it is |
| 56 |
> > considered to encourage granting more permissions than necessary rather |
| 57 |
> > than coding a specific tool. |
| 58 |
> |
| 59 |
> Hah, because no one uses sudo to grant extraordinarily broad permissions. |
| 60 |
> |
| 61 |
|
| 62 |
They do, but it encourages them not to and not vice versa and they can |
| 63 |
easily customise the default rule to say emerge -moresecurethandefault |
| 64 |
|
| 65 |
Win Win and a couple more Wins in fact |
| 66 |
|
| 67 |
> > |
| 68 |
> >> Its unclear how polkit is 'hard'. Now it *is* new, and I will concede |
| 69 |
> >> you will have to read some manpages. However i don't think the |
| 70 |
> >> concepts are difficult. |
| 71 |
> > |
| 72 |
> > Man pages won't help with polkit and it actually generally ships with no |
| 73 |
> > configs by default. |
| 74 |
> |
| 75 |
> In Ubuntu Precise.. |
| 76 |
|
| 77 |
You still have to do way more than commenting or editing a file to |
| 78 |
restrict the default further, aka it's unlikely to happen. |
| 79 |
|
| 80 |
> |
| 81 |
> All of this is explained in man polkit. |
| 82 |
> |
| 83 |
|
| 84 |
And pkauthority and and .... How will that help when as I have |
| 85 |
mentioned a coders comments aren't even sure exactly what the code |
| 86 |
permits. |
| 87 |
|
| 88 |
> > |
| 89 |
> > I know about pkaction, the problem is that the actions tells you next to |
| 90 |
> > nothing about what is actually allowed. I haven't time to dig out one |
| 91 |
> > of the rediculous comments from the source now unfortunately. With |
| 92 |
> > small tools it's much better all round. |
| 93 |
> |
| 94 |
> Really? Please enumerate what giving someone access to 'emerge' can do. |
| 95 |
> |
| 96 |
|
| 97 |
Exactly, you see man emerge and grepping the source does work perfectly |
| 98 |
well there. You could make myemerge pretty quick too. |
| 99 |
|
| 100 |
|
| 101 |
> |
| 102 |
> No one maintains the sudo wrappers though. Someone maintains the |
| 103 |
> polkit actions. That someone also happens to be the upstream author. |
| 104 |
> |
| 105 |
|
| 106 |
That's what I am asking, is there any reason not to as it would be |
| 107 |
better? No reason has come up yet? |
| 108 |
|
| 109 |
|
| 110 |
> > |
| 111 |
> >> Is the polkit maintain any less 'trustworthy' than the gnome |
| 112 |
> >> maintainers? the kde maintainers? the kernel maintainers? At the end |
| 113 |
> >> of the day my machines are running software from thousands of |
| 114 |
> >> contributors. |
| 115 |
> >> |
| 116 |
> > |
| 117 |
> > I think that has been demonstrated and we are talking about root code |
| 118 |
> > and sudo is never running as such. |
| 119 |
> |
| 120 |
> I don't follow... |
| 121 |
> |
| 122 |
|
| 123 |
It is certainly far easier to exploit polkit than sudo with a decent |
| 124 |
sudoers of course for multiple reasons. |
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
-- |
| 129 |
_______________________________________________________________________ |
| 130 |
|
| 131 |
'Write programs that do one thing and do it well. Write programs to work |
| 132 |
together. Write programs to handle text streams, because that is a |
| 133 |
universal interface' |
| 134 |
|
| 135 |
(Doug McIlroy) |
| 136 |
_______________________________________________________________________ |
Archives