On Fr, 28.01.22 11:26, Adam Williamson (adamwill@xxxxxxxxxxxxxxxxx) wrote: > On Fri, 2022-01-28 at 11:41 +0100, Lennart Poettering wrote: > > > > "pkexec" is a *short* program, it runs very little code with > > privileges actually. That makes it a *ton* better than the humungous > > code monster that "sudo" is. It has a smaller security footprint, and > > is easier to review than "sudo". That's worth a lot actually. > > ...and yet despite being so easy to review it somehow had a major > security vulnerability ever since it was written. Yeah, but sudo is much worse, no? CVEs are a shitty metric, but afaik the number of CVEs of sudo dwarves the CVEs of pkexec... > Anyway, my point is not really pkexec vs. sudo for interactive use, but > whether pkexec is actually needed by default on all of our editions for > non-interactive use. It's not an easy question to answer since our > packaging doesn't distinguish between something needing *polkit* and > something needing *pkexec*. Though from what we've found in this > thread, it seems like at least GNOME and KDE definitely do still need > it. I'm not enough of a domain expert to know if it's realistic to > rewrite everything in GNOME and KDE that relies on pkexec to use a > different mechanism. systemd's "ask-password" logic kinda pushes UI tools towards pkexec too btw. Lennart -- Lennart Poettering, Berlin _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure