On Wed, 26.01.22 14:21, Adam Williamson (adamwill@xxxxxxxxxxxxxxxxx) wrote:

> The issue and some of the comments around it prompted me to wonder -
> why is `pkexec` still a thing? Particularly, why is it still a thing we
> are shipping by default in just about every Fedora install?

I don't think there's too much wrong with pkexec. It's like sudo but with a much smaller, tighter footprint, with a hookup to interactive UI stuff. I am pretty sure many cases where sudo is used right now would actually benefit from using pkexec instead.

I mean, polkit has some issues, but I am pretty sure that "pkexec" is not what I'd consider the big problem with it. Or to say this differently: the whole concept of tools like su/sudo/setpriv/runuser/suid binaries is questionable: i.e. I am pretty sure we'd be better off if we would systematically prohibit acquiring privs through execve(), and instead focus on delegating privileged operations to IPC services — but of course that would be quite a departure from traditional UNIX.

I mean, if you buy into the conceptual idea that sudo/su/… are a good thing, and are fine with polkit, too, then I am pretty sure pkexec is actually the best option you have, and you should rather dump sudo.

"pkexec" is a *short* program, it runs very little code with privileges actually. That makes it a *ton* better than the humungous code monster that "sudo" is. It has a smaller security footprint, and is easier to review than "sudo". That's worth a lot actually.

Lennart

--
Lennart Poettering, Berlin