[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Package Manager Denies Permission to Install



On Tue, 2009-01-20 at 09:53 -0800, Kam Leo wrote:
> Well, if you can not trust a GUI then logging in as a user won't help
> either. Once that user invokes superuser powers there is no difference
> between him/her and root.

Incorrect. If the dialog stays as the user process (non-root) it can
communicate with a seporate privileged process (running as root) using
some sort of untrusted IPC (over DBUS, socket, etc). We therefore allow
the untrusted process to authenticate (using PolicyKit) and do tasks
that are normally only allowed to do as root.

Just because a dialog pops up and asks for the root password, doesn't
automatically mean the GUI code is then running as root.

If you read http://hal.freedesktop.org/docs/PolicyKit/ it explains
nicely how the system works.

Richard.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]