* [gentoo-dev] rfc: news item for changed polkit default group
@ 2012-01-30 12:22 Samuli Suominen
2012-01-30 13:05 ` Ulrich Mueller
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Samuli Suominen @ 2012-01-30 12:22 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 99 bytes --]
was asked about this at IRC today, so I suppose we should convey this
information better to users
[-- Attachment #2: 2012-01-30-polkit-default-AdminIdentities-is-group-wheel.en.txt --]
[-- Type: text/plain, Size: 545 bytes --]
Title: Default value of AdminIdentities changed to group wheel in PolicyKit
Author: Samuli Suominen <ssuominen@gentoo.org>
Content-Type: text/plain
Posted: 2012-01-30
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: sys-auth/polkit
The default value of AdminIdentities changed to group wheel by upstream
since version 0.103.
This means users in group wheel are allowed to execute commands like
"pkexec bash" to gain root shell.
You can change the default value at:
# $EDITOR /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] rfc: news item for changed polkit default group
2012-01-30 12:22 [gentoo-dev] rfc: news item for changed polkit default group Samuli Suominen
@ 2012-01-30 13:05 ` Ulrich Mueller
2012-01-30 13:44 ` Samuli Suominen
2012-01-30 13:44 ` Olivier Crête
2012-01-30 14:08 ` Cyprien Nicolas
2 siblings, 1 reply; 6+ messages in thread
From: Ulrich Mueller @ 2012-01-30 13:05 UTC (permalink / raw
To: gentoo-dev
>>>>> On Mon, 30 Jan 2012, Samuli Suominen wrote:
> was asked about this at IRC today, so I suppose we should convey this
> information better to users
> Title: Default value of AdminIdentities changed to group wheel in PolicyKit
Too long, GLEP 42 allows a maximum of 44 characters (excluding "Title: ").
> Author: Samuli Suominen <ssuominen@gentoo.org>
> Content-Type: text/plain
> Posted: 2012-01-30
> Revision: 1
> News-Item-Format: 1.0
> Display-If-Installed: sys-auth/polkit
> The default value of AdminIdentities changed to group wheel by upstream
> since version 0.103.
Maybe the package name sys-auth/polkit should appear somewhere in the
item's body text?
> This means users in group wheel are allowed to execute commands like
> "pkexec bash" to gain root shell.
> You can change the default value at:
> # $EDITOR /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] rfc: news item for changed polkit default group
2012-01-30 12:22 [gentoo-dev] rfc: news item for changed polkit default group Samuli Suominen
2012-01-30 13:05 ` Ulrich Mueller
@ 2012-01-30 13:44 ` Olivier Crête
2012-01-30 14:08 ` Cyprien Nicolas
2 siblings, 0 replies; 6+ messages in thread
From: Olivier Crête @ 2012-01-30 13:44 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 313 bytes --]
On Mon, 2012-01-30 at 14:22 +0200, Samuli Suominen wrote:
> The default value of AdminIdentities changed to group wheel by
> upstream since version 0.103.
You never mention what the old value was.. useful to figure out if it
will cause problems.
--
Olivier Crête
tester@gentoo.org
Gentoo Developer
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] rfc: news item for changed polkit default group
2012-01-30 13:05 ` Ulrich Mueller
@ 2012-01-30 13:44 ` Samuli Suominen
0 siblings, 0 replies; 6+ messages in thread
From: Samuli Suominen @ 2012-01-30 13:44 UTC (permalink / raw
To: gentoo-dev
On 01/30/2012 03:05 PM, Ulrich Mueller wrote:
>>>>>> On Mon, 30 Jan 2012, Samuli Suominen wrote:
>
>> was asked about this at IRC today, so I suppose we should convey this
>> information better to users
>
>> Title: Default value of AdminIdentities changed to group wheel in PolicyKit
>
> Too long, GLEP 42 allows a maximum of 44 characters (excluding "Title: ").
>
>> Author: Samuli Suominen<ssuominen@gentoo.org>
>> Content-Type: text/plain
>> Posted: 2012-01-30
>> Revision: 1
>> News-Item-Format: 1.0
>> Display-If-Installed: sys-auth/polkit
>
>> The default value of AdminIdentities changed to group wheel by upstream
>> since version 0.103.
>
> Maybe the package name sys-auth/polkit should appear somewhere in the
> item's body text?
>
>> This means users in group wheel are allowed to execute commands like
>> "pkexec bash" to gain root shell.
>
>> You can change the default value at:
>> # $EDITOR /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
>
... this is no longer relevant as I've just pushed 0.104-r1 for fast
stabilization within security bug restoring the old behavior as per
recommendation of the gentoo security team (a3li mostly ;-)
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] rfc: news item for changed polkit default group
2012-01-30 12:22 [gentoo-dev] rfc: news item for changed polkit default group Samuli Suominen
2012-01-30 13:05 ` Ulrich Mueller
2012-01-30 13:44 ` Olivier Crête
@ 2012-01-30 14:08 ` Cyprien Nicolas
2012-01-30 14:10 ` Samuli Suominen
2 siblings, 1 reply; 6+ messages in thread
From: Cyprien Nicolas @ 2012-01-30 14:08 UTC (permalink / raw
To: gentoo-dev
Samuli Suominen wrote:
> was asked about this at IRC today, so I suppose we should convey this
> information better to users
> You can change the default value at:
> # $EDITOR /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
The default file states:
> # Configuration file for the PolicyKit Local Authority.
> #
> # DO NOT EDIT THIS FILE, it will be overwritten on update.
It seems there is no CONFIG_PROTECT_MASK to exclude that peculiar
file from CONFIG_PROTECT.
Maybe this line should be removed from that file? I wondered which
file should be edited to keep my settings over updates.
--
Cyprien Nicolas
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] rfc: news item for changed polkit default group
2012-01-30 14:08 ` Cyprien Nicolas
@ 2012-01-30 14:10 ` Samuli Suominen
0 siblings, 0 replies; 6+ messages in thread
From: Samuli Suominen @ 2012-01-30 14:10 UTC (permalink / raw
To: gentoo-dev
On 01/30/2012 04:08 PM, Cyprien Nicolas wrote:
> Samuli Suominen wrote:
>> was asked about this at IRC today, so I suppose we should convey this
>> information better to users
>
>> You can change the default value at:
>> # $EDITOR /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
>
> The default file states:
>> # Configuration file for the PolicyKit Local Authority.
>> #
>> # DO NOT EDIT THIS FILE, it will be overwritten on update.
>
> It seems there is no CONFIG_PROTECT_MASK to exclude that peculiar
> file from CONFIG_PROTECT.
>
> Maybe this line should be removed from that file? I wondered which
> file should be edited to keep my settings over updates.
>
The way I've restored the default value of group "0" in polkit-0.104-r1
is I've added 60-gentoo.conf to /etc/polkit-1/localauthority.conf.d that
will override the one with lower number, 50.
So that news item draft that suggested altering this file was stupid to
begin with.
Sorry for confusion.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2012-01-30 14:13 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-01-30 12:22 [gentoo-dev] rfc: news item for changed polkit default group Samuli Suominen
2012-01-30 13:05 ` Ulrich Mueller
2012-01-30 13:44 ` Samuli Suominen
2012-01-30 13:44 ` Olivier Crête
2012-01-30 14:08 ` Cyprien Nicolas
2012-01-30 14:10 ` Samuli Suominen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox