Lennart Poettering wrote:
> The IPC message is the *full* vulnerable surface, and that's as minimal as
> it can get. And that's great.
But that message can actually open a whole new vulnerability, compared to a
monolithic program running completely as root. E.g., I have seen several
D-Bus-activated PolicyKit helpers that basically allow running an arbitrary
command as root. Grant the PolicyKit permission for any of those to an
unprivileged user and you have given them instant root. The monolithic
version would make that a function, method, or class in a monolithic
executable that is only ever called with some specific commands as an
argument. The "more secure" PolicyKit-based design introduces the extra
entry point that needs to be protected against unauthorized access.
Kevin Kofler
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
