Ubuntu without polkit
martin.pitt at ubuntu.com
Mon Apr 8 09:48:22 UTC 2013
Kevin Chadwick [2013-04-06 1:12 +0100]:
> If you really wanted to do that you would find the likes of SELinux,
> RBAC, TOMOYO and AppArmor more effective, useful to a user and less of
> a risk, however they do not save you from writing bad code and sudo
> encourages the best of that in a nice privilege separated utility.
Again, MAC systems like SELinux, RBAC, or AppArmor do completely
different things than sudo or polkit. Pretty please read
for what polkit actually is and does first.
> If it was the case that polkit just did that then sudo would still be my
> choice as it is not always running, is filesystem based
Right, and polkit is not filesystem based. The kinds of actions that
polkit controls don't map to file objects. Conversely, file objects or
commands which you can control via sudo or RBAC have no idea about the
concept of more abstract actions (like "set the system clock"), user
sessions, multiple seats, etc., so please stop claiming that one is a
superset of another. We need MAC systems, sudo, AND polkit.
> nvidia-settings wants to install an xorg.conf file. An Nvidia user
> could easily have this ability via sudo and a sudoers policy could be
> provided in two seconds.
Nobody stops you from doing this. It's not like anyone proposed to
abolish sudo. :-)
> run polkit with all the defaults which is far more permissions and code
> running as root than he needs.
> Look into locking it down, yet it is still pointlessly running as root
> and notoriously annoying to configure not to mention pointlessly
> pulling in things like the JS package which aids ROP attacks.
Running polkit itself does not give anyone any extra power/privilege.
Pulling in JS is a valid concern for the latest upstream PK versions,
and the main reason why we keep an older version for now.
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)