[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PolicyKit and malware, was: What I HATE about F11



On Thu, Jun 18, 2009 at 5:58 AM, Nils Philippsen<nils redhat com> wrote:
> On Tue, 2009-06-16 at 16:57 -0700, Adam Williamson wrote:
>> Ve haf zer technology, already. :) it's just a case of adding code to
>> more apps to take advantage of the awesomeness of PolicyKit, and I
>> believe this is scheduled to happen.
>
> I still have one fairly serious gripe with PolicyKit: If one application
> acquires an authorization it automatically authorizes all other
> applications running on the same desktop -- and I think that is a
> potential attack vector for malware. I would really like it if PlicyKit
> would issue authorizations that are valid only for a specific
> application, i.e. a subject(==user)/tool/action (optional /object for
> bonus points?) combination instead of only subject/action.

The point is here that PolicyKit is not a regression and does not open
up any new security problems.  It is a positive step forward because
it gets us away from running entire GTK+ apps as uid 0, for example.
Along with other benefits like giving a consistent story to admins
about the interaction between the desktop and the system core.

What you're asking for is not feasible without SELinux domains in play
or a similar comprehensive approach.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]