[strawman] partual support of apps for policykit for Jaunty

Martin Pitt martin.pitt at ubuntu.com
Thu Nov 20 15:29:21 UTC 2008


tacone [2008-11-19 13:56 +0100]:
> What I've been told is the gedit implementation was *not hard to do*.

That sounds overly optimistic to me. In order to teach gedit to edit
system files as normal user, you need a PolicyKit protected backend
which runs as root (probably D-BUS activated).

This means you essentially have to implement a backdoor for
circumventing arbitrary file permissions, and just protect them with a
single PK privilege which many users might even permanently set.

There goes the remaining bit of user/admin separation which we have,
and we can just as well have anyone work as root in the first place.

I read several such requests already, and I still don't think it's a
good idea at all. What we should fix are the *reasons* why users want
to edit files as root, instead of making crackful things easier.

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20081120/4752dce3/attachment.pgp>


More information about the Ubuntu-devel-discuss mailing list