* Lennart Poettering: > On Fr, 28.01.22 12:12, Florian Weimer (fweimer@xxxxxxxxxx) wrote: > >> * Lennart Poettering: >> >> > I mean, polkit has some issues, but I am pretty sure that "pkexec" is >> > not what I'd consider the big problem with it. Or to say this >> > differently: the whole concept of tools like >> > su/sudo/setpriv/runuser/suid binaries is questionnable: i.e. I am >> > pretty sure we'd be better off if we would systematically prohibit >> > acquiring privs through execve(), and instead focus on delegating >> > privileged operations to IPC services — but of course that would be >> > quite a departure from traditional UNIX. >> >> One issue is that it's harder to prevent other users from doing execve >> than it's denying them access to some IPC service. In this sense, SUID >> programs are more robust. > > Well, that's precisely the problem that PK was supposed to address, > but then it descended down the JS rabbit hole... Not sure if we are talking about the same thing. I meant flooding the local socket (or similar) with requests, not access control. Thanks, Florian _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure