On Thu, 2006-03-30 at 12:44 -0500, Matthew Miller wrote: > On Thu, Mar 30, 2006 at 11:54:54AM -0500, David Zeuthen wrote: > > No, my view is that consolehelper is fundamentally flawed. Now that we > > have something like D-BUS there is absolutely no reason, apart from > > laziness, that you ever want run X11 programs as root or another user. > > Think for a minute about just how much code runs with root. Not to > > mention desktop integration issues [1]. > > Well, having this would allow the existing consolehelper to take the place > of the "polkit-su" tool you mention in > <http://lists.freedesktop.org/archives/hal/2006-March/004770.html>. So > instead of having a new thing, consolehelper could auth to access your > 'polkit' user. > > It seems better to me to make this rather small change to consolehelper > rather than to make yet another tool from scratch. Maybe I'm missing > something important, though -- that often happens. :) The point is that "a tool to run things as root" is an awful design choice. The thing it's trying to solve is "a way for users who have administrative permissions to do administrative tasks". It used to be that our main model for doing this was "allow $USER to run $PROGRAM as root", which is the consolehelper and sudo way. But we had another one too -- USERCTL in network scripts. With dbus, we can take the USERCTL way another step forward. And in fact we have -- this is essentially the NetworkManager model. NM does the network configuration, but nm-applet has no such permissions. And unlike e.g. sudoers, the interface between nm-applet and NM doesn't lend itself to unconstrained exploits. -- Peter
