Re: CVE-2021-4034: why is pkexec still a thing?




On Mi, 26.01.22 14:21, Adam Williamson (adamwill@xxxxxxxxxxxxxxxxx) wrote:

> The issue and some of the comments around it prompted me to wonder -
> why is `pkexec` still a thing? Particularly, why is it still a thing we
> are shipping by default in just about every Fedora install?

I don't think there's too much wrong with pkexec. It's like sudo but
with a much smaller, tighter footprint, with a hookup to interactive UI
stuff. I am pretty sure many cases where sudo is used right now would
actually benefit from using pkexec instead.

I mean, polkit has some issues, but I am pretty sure that "pkexec" is
not what I'd consider the big problem with it. Or to say this
differently: the whole concept of tools like
su/sudo/setpriv/runuser/suid binaries is questionable: i.e. I am
pretty sure we'd be better off if we would systematically prohibit
acquiring privs through execve(), and instead focus on delegating
privileged operations to IPC services — but of course that would be
quite a departure from traditional UNIX.

I mean, if you buy into the conceptual idea that sudo/su/… are a good
thing, and are fine with polkit, too, then I am pretty sure pkexec is
actually the best option you have, and you should rather dump sudo.

"pkexec" is a *short* program, it runs very little code with
privileges actually. That makes it a *ton* better than the humungous
code monster that "sudo" is. It has a smaller security footprint, and
is easier to review than "sudo". That's worth a lot actually.

Lennart

--
Lennart Poettering, Berlin