Re: CVE-2021-4034: why is pkexec still a thing?

On 1/28/22 05:41, Lennart Poettering wrote:
> On Mi, 26.01.22 14:21, Adam Williamson (adamwill@xxxxxxxxxxxxxxxxx) wrote:
> 
>> The issue and some of the comments around it prompted me to wonder -
>> why is `pkexec` still a thing? Particularly, why is it still a thing we
>> are shipping by default in just about every Fedora install?
> 
> I don't think there's too much wrong with pkexec. It's like sudo but
> with a much smaller, tighter footprint, with a hookup to interactive UI
> stuff. I am pretty sure many cases where sudo is used right now would
> actually benefit from using pkexec instead.
> 
> I mean, polkit has some issues, but I am pretty sure that "pkexec" is
> not what I'd consider the big problem with it. Or to say this
> differently: the whole concept of tools like
> su/sudo/setpriv/runuser/suid binaries is questionable: i.e. I am
> pretty sure we'd be better off if we would systematically prohibit
> acquiring privs through execve(), and instead focus on delegating
> privileged operations to IPC services — but of course that would be
> quite a departure from traditional UNIX.

Agreed.  With S_ISUID and S_ISGID, the default is to inherit the entire
(untrusted!) caller environment, and the privileged process must sanitize
it.  With an IPC service, the default is to not inherit any of the
environment, and only parts of the environment that are specifically
set are passed on.

As an aside, can Linux and/or glibc please disallow passing a NULL
argv[0]?  I would honestly be okay with glibc just crashing the process
during startup if argv[0] is NULL or empty.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
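
The two points raised in the message above, as an added example in C (not code from this thread, polkit, or glibc): start-up checks for a privileged program that reject a NULL or empty argv[0] and rebuild the environment from an allowlist instead of inheriting it. The function names and the allowlist entries are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical allowlist: names chosen for illustration only. */
static const char *const ENV_ALLOW[] = { "LANG", "TERM", "TZ", NULL };

/* Reject argument vectors with argc < 1, a NULL argv[0], or an empty
 * argv[0], and require argv[argc] to be the NULL terminator.
 * Returns 1 if acceptable, 0 if not. */
int argv_is_sane(int argc, char *const argv[])
{
    if (argc < 1 || argv == NULL)
        return 0;
    if (argv[0] == NULL || argv[0][0] == '\0')
        return 0;
    return argv[argc] == NULL;
}

/* Return 1 if entry is "NAME=value" with NAME exactly on the allowlist. */
static int env_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; ENV_ALLOW[i] != NULL; i++)
        if (strlen(ENV_ALLOW[i]) == n && strncmp(ENV_ALLOW[i], entry, n) == 0)
            return 1;
    return 0;
}

/* Copy only allowlisted entries from envp into out (capacity cap,
 * counting the NULL terminator). Returns the number kept, or -1 if out
 * is too small. Entries are borrowed pointers, not duplicated. */
int env_filter(char *const envp[], const char *out[], size_t cap)
{
    size_t kept = 0;
    if (cap == 0)
        return -1;
    for (size_t i = 0; envp != NULL && envp[i] != NULL; i++) {
        if (!env_allowed(envp[i]))
            continue;
        if (kept + 1 >= cap)
            return -1;
        out[kept++] = envp[i];
    }
    out[kept] = NULL;
    return (int)kept;
}
```

A program would call argv_is_sane() first thing in main() and exit on failure, then pass the filtered vector to whatever it executes rather than the inherited environ.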
