On Thu, 2009-06-18 at 11:58 +0200, Nils Philippsen wrote: > > As it is, malware need only sit in the background and wait for e.g. a > PolicyKit-enabled user manager to acquire the authorization for user > creation to be able to easily install a backdoor account. Nils, this is somewhat inaccurate (or to put it more strongly, it is misinformation...). First of all, unless the policy specifies _keep, you can only do things once after getting the authorization. And even with _keep, it is not true that PolicyKit "automatically authorizes all other applications running on the same desktop". The retained authorization is only valid for the subject that obtained it, which will typically be a process (identified by process id and start time) or a canonical bus name. And your malware does not have either. Here is a little demo to show how this works: The org.freedesktop.policykit.example.pkexec.run-frobnicate action has auth_self_keep in its policy. Now if you try running pkexec pk-example-frobnicate in a terminal, PolicyKit retains the authorization that you obtain by entering your password, and the subject it associates it with is the parent process of pkexec, ie the shell you are running this in. Repeating the pkexec call in the same shell will not ask you for your password again. But if you open a new terminal or tab and repeat it there, you will get asked again. Matthias -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
