Re: CVE-2021-4034: why is pkexec still a thing?

On Mon, 2022-01-31 at 10:19 +0000, Michael J Gruber wrote:
> I vaguely remember we had a move off consolekit at some point: In 2016, I moved "luckybackup" away from "beesu" (which uses consolekit) to "pkexec" (from polkit).
> 
> We still have "beesu" in Fedora. Should I switch back? ;)

No. The issue is not that pkexec is inherently worse than any other
tool to do approximately the same thing (prompt for some kind of
password, then run the entire app as root) - it's unfortunate that
pkexec happened to have a giant security flaw, but it's not unlikely
that other tools to do the same thing will turn out to have security
flaws if someone decides to take a close look at them. The issue is
that *that whole design* is suboptimal.

What we really wanted to happen with the switch was for apps that need
higher privileges for some operation to be rewritten such that they
could use polkit to signal a more privileged executable (ideally one
that *already runs* privileged, so there's no greater attack surface
than before) to perform that operation, and otherwise run unprivileged.

pkexec was a less-good second choice option for apps where there didn't
seem to be much prospect of anyone doing the work to move to a better
design. It at least let us get rid of consolehelper from most
installations, so we had fewer 'run-this-thing-as-root' tools to worry
about. Switching from pkexec to any other 'run-this-thing-as-root' tool
would not be an improvement. Moving to a more sophisticated design
using polkit's other capabilities would be an improvement.

I wouldn't consider a non-default leaf package that's probably not very
widely installed to be much of a priority in any case. We still
actually have several things in the distro that never moved off
consolehelper! Things that are default parts of our key editions and
spins would be much higher priority for this.
-- 
Adam Williamson
Fedora QA
IRC: adamw | Twitter: adamw_ha
https://www.happyassassin.net
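
The two designs contrasted in the message above, written as polkit policy actions. This is an added example, not part of the original post or of any Fedora package. The action IDs, the `/usr/bin/backuptool` path and the helper service are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
  <!-- All action ids and paths in this file are hypothetical. -->

  <!-- Design 1: pkexec. One password prompt, then the entire GUI program
       (toolkit, plugins, file dialogs, parsers) runs as root. The action
       only answers "may this user start this binary as root?". -->
  <action id="org.example.backuptool.pkexec.run">
    <description>Run Backup Tool as root</description>
    <message>Authentication is required to run Backup Tool as root</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <!-- Ties the action to one executable when it is started via pkexec. -->
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/backuptool</annotate>
    <!-- Passes DISPLAY and XAUTHORITY through so the GUI can run as root. -->
    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
  </action>

  <!-- Design 2: the GUI stays unprivileged and asks a service that already
       runs privileged (assumed here: a small D-Bus system service) to do
       one specific operation. Before acting, the service asks polkit's
       org.freedesktop.PolicyKit1.Authority CheckAuthorization whether the
       caller holds this action. Only the narrow operation runs as root. -->
  <action id="org.example.backuptool.restore-system-files">
    <description>Restore backed-up files into system directories</description>
    <message>Authentication is required to restore system files</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <!-- auth_admin_keep caches the authorization briefly, so a batch
           of restore requests does not prompt once per file. -->
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <!-- No exec.path annotation: nothing is launched as root by polkit. -->
  </action>
</policyconfig>
```

With the second action, an administrator can also grant or deny that single operation in polkit rules without touching who may run the application itself.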
