Ubuntu without polkit

Kevin Chadwick ma1l1ists at yahoo.co.uk
Sat Apr 13 18:18:29 UTC 2013

> Hello Kevin,
> Kevin Chadwick [2013-04-06  1:12 +0100]:
> > If you really wanted to do that you would find the likes of Selinux,
> > RBAC, TOMOYO and apparmor more effective, useful to a user and less of
> > a risk, however they do not save you from writing bad code and sudo
> > encourages the best of that in a nice privilege separated utility.
> Again, MAC systems like SELinux, RBAC, or AppArmor do completely
> different things than sudo or polkit. Pretty please read
> http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html
> for what polkit actually is and does first.

I had and understand just fine. Perhaps you could do the courtesy of
understanding the issues I am raising before replying and realising
that the problem stems from polkit doing more than one thing well.

> > If it was the case that polkit just did that then sudo would still be my
> > choice as it is not always running, is filesystem based  
> Right, and polkit is not filesystem based. The kinds of actions that
> polkit controls don't map to file objects.

What like shutdown and /usr/sbin/pm-suspend that break if you disable
it, not to mention the hundreds of megabytes of perfectly usable code
that you lose if you remove it. It is not a huge issue and may actually
just remove software of devs which aren't so savvy but I would prefer
if this unnecessary issue disappeared altogether.

> Conversely, file objects or
> commands which you can control via sudo or RBAC have no idea about the
> concept of more abstract actions (like "set the system clock"),


> user
> sessions,

> multiple seats, etc., so please stop claiming that one is a
> superset of another.

requiretty, groups etc..

> We need MAC systems, sudo, AND polkit.

I don't need polkit and don't use polkit at all, except on my tvs,
where I can't be bothered. Actually I don't need any of them but would
not go without sudo. You are completely missing the point. Ubuntu and
Debian not even package devs are saying I *MUST* have polkit in cases
where there should be no requirement and also in many cases where
there certainly is no benefit.

> > nvidia-settings wants to install an xorg.conf file. An Nvidia user
> > could easily have this ability via sudo and a sudoers policy could be
> > provided in two seconds.  
> Nobody stops you from doing this. It's not like anyone proposed to
> abolish sudo. :-)

If apt didn't forcefully remove nvidia-settings when polkit is removed!

> > run polkit with all the defaults which is far more permissions and code
> > running as root than he needs.
> > 
> > Look into locking it down, yet it is still pointlessly running as root
> > and notoriously annoying to configure not to mention pointlessly
> > pulling in things like the JS package which aids ROP attacks.
> Running polkit itself does not give anyone any extra power/privilege.

If that is your opinion you need to realise that computers aren't
people. Yes it does and takes ages to find the code that it allows to
run as root, some of the comments even show that the polkit devs aren't
entirely sure exactly what it allows.

Also note the "than he needs"

> Pulling in JS is a valid concern for the latest upstream PK versions,
> and the main reason why we keep an older version for now.

Obviously the polkit dev didn't think so as I had advised on the
polkit list, before it happened.

> Martin



'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

More information about the Ubuntu-devel-discuss mailing list