Re: netcfg wlan connection renewal




On Wed, Sep 28, 2011 at 10:02 PM, Fons Adriaensen <fons@xxxxxxxxxxxxxx> wrote:
> On Wed, Sep 28, 2011 at 08:55:30PM +0200, Tom Gundersen wrote:
>> On Wed, Sep 28, 2011 at 2:51 PM, Philipp Überbacher
>> <hollunder@xxxxxxxxxxx> wrote:
>> > meanwhile and provides a CLI interface it still requires polkit. Polkit
>> > requires consolekit and both mean configuration and maintenance trouble.
>>
>> Just a quick comment in case someone happens to read this: neither PK
>> nor CK should require any configuration at all for most users (at
>> least if you use a DE).
>
> Which makes me wonder again (and so far nobody has given
> me a clear answer to this, and the docs don't either):
>
> Either
>
> - PK (or a desktop app using it) is able to override
>  lower level system security settings (in which case
>  to me it's malware),
> - or it relies on permissive lower level settings, in
>  which case it leaves the system wide open to anything
>  not using it to filter permissions.
>
> Or maybe I'm missing a third possible scenario.

Yup, PK is neither malware, nor a gaping security hole.

From the PK website [0]: "PolicyKit is an application-level toolkit
for defining and handling the policy that allows unprivileged
processes to speak to privileged processes".

The way it works is that both the frontend (the unprivileged process,
e.g. the GUI for setting your timezone) and the backend (the
privileged process, e.g. the app that writes the timezone data to
/etc/localtime) interface with PK. The backend will ultimately be the
one deciding who should be allowed to do what under which conditions;
PK is just the interface that lets this be done in a uniform way.

In particular, note that PK will not give an unprivileged process
direct access to changing /etc/localtime ("malware"), nor does it
require /etc/localtime to be world writable ("security hole").

I'm not an expert on this, so I apologize if my explanation is
imprecise or incomplete.

Cheers,

Tom

[0]: <http://www.freedesktop.org/wiki/Software/PolicyKit>
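
The split described in the message above, as an added example that is not part of the original post and does not use polkit's real API: a simplified Python model in which the unprivileged caller never gets write access and the file never becomes world writable. The class names and the action id `org.example.timezone.set` are hypothetical; the `allow_any`/`allow_inactive`/`allow_active` fields mirror the implicit-authorization defaults of a polkit action declaration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    uid: int
    local: bool   # session is on a local console
    active: bool  # session is the active one on that console

@dataclass(frozen=True)
class Action:
    action_id: str
    allow_any: str       # implicit result for any client
    allow_inactive: str  # ... for inactive local sessions
    allow_active: str    # ... for active local sessions

# Hypothetical action, declared by the backend that implements it.
SET_TZ = Action("org.example.timezone.set", "no", "auth_admin", "yes")

class Authority:
    """Only answers authorization questions; it never touches the file."""
    def check(self, subject: Subject, action: Action) -> str:
        if subject.local and subject.active:
            return action.allow_active
        if subject.local:
            return action.allow_inactive
        return action.allow_any

class RootOwnedFile:
    """Stand-in for /etc/localtime: owned by uid 0, mode 0644."""
    def __init__(self, content: str):
        self.owner_uid, self.mode, self.content = 0, 0o644, content

    def write(self, uid: int, content: str) -> None:
        if uid != self.owner_uid and not self.mode & 0o002:
            raise PermissionError("uid %d may not write this file" % uid)
        self.content = content

class TimezoneBackend:
    """Privileged side: runs as uid 0 and is the only writer of the file."""
    def __init__(self, authority: Authority, localtime: RootOwnedFile):
        self.authority, self.localtime = authority, localtime

    def set_timezone(self, caller: Subject, tz: str) -> str:
        verdict = self.authority.check(caller, SET_TZ)
        if verdict == "yes":          # anything else: nothing is written
            self.localtime.write(0, tz)
        return verdict
```

In this model a verdict of `auth_admin` means the caller would first have to authenticate as an administrator; the model stops there and writes nothing.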

