[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security policy oversight needed?



Gregory Maxwell wrote:
> In the past I could simply check to see if a package contained SUID 0
> binaries or modified a small number of fairly obvious system config
> files and have good confidence that it wasn't changing the root/user
> boundary line.

The helpers which actually perform the actions authorized by PolicyKit still 
need to become root through some other way, PolicyKit is only used to 
validate that the user is authorized to use the helper.

AFAIK, there are only 3 ways the helper can get root:
* SUID 0 (which you're already checking for)
* running as a permanent systemwide service (you definitely need to audit 
those!)
* D-Bus activation into the system bus: This one is new, you need to check 
for /usr/share/dbus-1/system-services/*.service

PolicyKit on its own doesn't escalate privileges.

        Kevin Kofler


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]