PolicyKit and malware, was: What I HATE about F11

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2009-06-16 at 16:57 -0700, Adam Williamson wrote:
> Ve haf zer technology, already. :) it's just a case of adding code to
> more apps to take advantage of the awesomeness of PolicyKit, and I
> believe this is scheduled to happen.

I still have one fairly serious gripe with PolicyKit: If one application
acquires an authorization it automatically authorizes all other
applications running on the same desktop -- and I think that is a
potential attack vector for malware. I would really like it if PlicyKit
would issue authorizations that are valid only for a specific
application, i.e. a subject(==user)/tool/action (optional /object for
bonus points?) combination instead of only subject/action.

As it is, malware need only sit in the background and wait for e.g. a
PolicyKit-enabled user manager to acquire the authorization for user
creation to be able to easily install a backdoor account.

Nils
-- 
Nils Philippsen      "Those who would give up Essential Liberty to purchase 
Red Hat               a little Temporary Safety, deserve neither Liberty
nils@xxxxxxxxxx       nor Safety."  --  Benjamin Franklin, 1759
PGP fingerprint:      C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux