On Mi, 16.02.22 15:01, Adam Williamson (adamwill@xxxxxxxxxxxxxxxxx) wrote: > > > hence I am not against the feature but please tone down the wording > > > regarding pkexec, it's misleading. Say you want to split it out to > > > reduce the attack surface, but don't use the word "legacy" in its > > > context. > > > > > > (dropping "pkla-compat" given its unmaintained state is Ok to be > > > called "legacy" i guess) > > > > I think I'd go stronger and say I don't really see the value in > > splitting out pkexec at all. I'd rather people have a default path to > > do safer privilege escalation, and pkexec is way better than > > sudo/doas/etc in that regard. > > This feels a bit unrealistic to me. In the real world, I can recall off > the top of my head exactly zero docs, guides, articles, howtos etc. > that use pkexec. They all use sudo. Like it or not, sudo is what people > use. The sensible thing to do there is devote attention to making sure > sudo is as secure as possible, or actually make some kind of big effort > to convince people to use pkexec instead. sudo is what users/admins use. pkexec is what (desktop) programs often use. docs/guides/articles/howtos are focussed on users/admins. hence of course, you won't find it mentioned there. > I just tried this, actually, for giggles. Two reasons it's a non- > starter: it prompts for the root password, not for my user password (my > user is an 'admin' so far as sudo etc. are concerned, but apparently > not an 'admin' so far as interactive pkexec is concerned). I do not > know the root password, it is intentionally a 24-character random > string I would have to look up. When I hit "pkexec" a nice GNOME shell prompt pops up asking me for *my* password, not root's. > And it prompts with one of those > goddamn 'secure' GNOME popovers which prevents you accessing your > password manager, so every time you hit one, you have to cancel it, go > to your password manager, copy the password it wants, then trigger it > again. > > No way on earth I'm using that. Then don't. But whether you use it or whether it's "legacy"/should go away are two distinct questions. Lennart -- Lennart Poettering, Berlin _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
