On Thu, Jun 18, 2009 at 5:58 AM, Nils Philippsen <nils@xxxxxxxxxx> wrote:
> On Tue, 2009-06-16 at 16:57 -0700, Adam Williamson wrote:
>> Ve haf zer technology, already. :) it's just a case of adding code to
>> more apps to take advantage of the awesomeness of PolicyKit, and I
>> believe this is scheduled to happen.
>
> I still have one fairly serious gripe with PolicyKit: If one application
> acquires an authorization it automatically authorizes all other
> applications running on the same desktop -- and I think that is a
> potential attack vector for malware. I would really like it if PolicyKit
> would issue authorizations that are valid only for a specific
> application, i.e. a subject(==user)/tool/action (optional /object for
> bonus points?) combination instead of only subject/action.

The point here is that PolicyKit is not a regression and does not open up
any new security problems. It is a positive step forward because it gets us
away from running entire GTK+ apps as uid 0, for example. Along with other
benefits like giving a consistent story to admins about the interaction
between the desktop and the system core.

What you're asking for is not feasible without SELinux domains in play or a
similar comprehensive approach.