Date: Tue, 15 Jan 2013 19:43:34 +0000
From: Kevin Chadwick
To: gentoo-dev@lists.gentoo.org
Subject: Re: Debian patching KDE to use /etc for configuration (was: Re: [gentoo-dev] Re: Re: call for testers: udev predictable network interface names)

> > Unless sudo has some config setting that allows access only when
> > logged in via console it isn't really a solution.
> >
> > Rich
>
> man sudoers -> /requiretty
>
> I manage 'thousands' of desktops at Google and we generally like
> polkit.

I never meant it is rubbish as such but I saw it as ridiculously
inferior to sudo before I even read this.

http://drfav.wordpress.com/2012/05/11/the-quest-towards-trusted-client-applications-a-rambling/

> It is however, designed for graphical UI single-seat systems.
> Its command line support sucks (they only added a CLI auth agent in
> May) and it is not well adopted. Multi-user systems do not work well
> with polkit. Certainly with polkit and dbus you can allow users to
> take more specific action without complex wrappers, setuid scripts, or
> sudo.

Except you can't, it only encourages more coarse grained approaches,
less useful commands available and devs to learn an API rather than C
and simply moves code into a far less secure mechanism and increases
the chance that the code will not be well designed to the task at hand
and running as root. It can be a real pain to work out exactly what
polkit allows and you cannot just edit it to suit your application and
it completely ignores the existing Unix security technologies with
brilliant track records.

You could try to argue that many eyes will look at a central piece of
code but in fact fewer implementations will likely mean fewer eyes and
just an assumption that a guy who got JS through as a config language
has everything covered.

Granted, unmaintained code running as root may be higher with sudo but
if it needs maintaining, should it be running as root at all or is it
actually simply doing too much?

> My package manager can have a polkit action like 'install a
> signed package' and I can grant the user access to do that, but not
> access to install unsigned packages (root exploit there...) or run
> other dangerous apt commands. It comes built into apt, so I don't have
> to write extra wrappers.

That would be the default and wouldn't even need the command line
argument control of sudo. Just allowing updates is apt-get update. In
fact I have a Debian system where experimental iceweasel is installable
but nothing else.
I have an Arch system where the only kernel updateable is a signed by
me when offline kernel and polkit is disabled as I don't have the time
to keep track of what it is permitting and code comments weren't
helpful there.

Sudo even supports regex!

p.s. apt should be downloading as an _apt user, simply as best practice
before adding polkit support ;-)

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
_______________________________________________________________________
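
Added example, not part of the original message: a sudoers drop-in showing the `requiretty` option and the per-argument command control the message refers to. The user name `alice`, the file name and the exact apt-get command lines are assumptions made for illustration.

```sudoers
# /etc/sudoers.d/desktop-updates   (constructed example; hypothetical file name)
# Check syntax before installing it:  visudo -cf /etc/sudoers.d/desktop-updates

# "alice" is a hypothetical desktop user.
# requiretty: sudo refuses to run for this user unless it is invoked from a tty.
Defaults:alice requiretty

# When arguments are listed, sudo matches the command line against them,
# so only these exact invocations are permitted. No wildcards are used here.
Cmnd_Alias PKG_REFRESH = /usr/bin/apt-get update
Cmnd_Alias PKG_BROWSER = /usr/bin/apt-get -t experimental install iceweasel

# alice may run only the two command lines above as root.
# No NOPASSWD tag, so she still authenticates with her own password.
alice ALL = (root) PKG_REFRESH, PKG_BROWSER

# The rule limits which package can be named on the command line, not what
# happens during its installation: maintainer scripts and any dpkg prompts
# still run as root.
```

`sudo -l -U alice`, run as root, lists the resulting rules, which is one way to see exactly what has been granted.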