On Tue, 2009-06-16 at 16:57 -0700, Adam Williamson wrote: > Ve haf zer technology, already. :) it's just a case of adding code to > more apps to take advantage of the awesomeness of PolicyKit, and I > believe this is scheduled to happen. I still have one fairly serious gripe with PolicyKit: If one application acquires an authorization it automatically authorizes all other applications running on the same desktop -- and I think that is a potential attack vector for malware. I would really like it if PlicyKit would issue authorizations that are valid only for a specific application, i.e. a subject(==user)/tool/action (optional /object for bonus points?) combination instead of only subject/action. As it is, malware need only sit in the background and wait for e.g. a PolicyKit-enabled user manager to acquire the authorization for user creation to be able to easily install a backdoor account. Nils -- Nils Philippsen "Those who would give up Essential Liberty to purchase Red Hat a little Temporary Safety, deserve neither Liberty nils@xxxxxxxxxx nor Safety." -- Benjamin Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
