PolicyKit and malware, was: What I HATE about F11

Colin Walters walters at verbum.org
Thu Jun 18 18:48:47 UTC 2009


On Thu, Jun 18, 2009 at 5:58 AM, Nils Philippsen<nils at redhat.com> wrote:
> On Tue, 2009-06-16 at 16:57 -0700, Adam Williamson wrote:
>> Ve haf zer technology, already. :) it's just a case of adding code to
>> more apps to take advantage of the awesomeness of PolicyKit, and I
>> believe this is scheduled to happen.
>
> I still have one fairly serious gripe with PolicyKit: If one application
> acquires an authorization it automatically authorizes all other
> applications running on the same desktop -- and I think that is a
> potential attack vector for malware. I would really like it if PolicyKit
> would issue authorizations that are valid only for a specific
> application, i.e. a subject(==user)/tool/action (optional /object for
> bonus points?) combination instead of only subject/action.

The point is here that PolicyKit is not a regression and does not open
up any new security problems.  It is a positive step forward because
it gets us away from running entire GTK+ apps as uid 0, for example.
Along with other benefits like giving a consistent story to admins
about the interaction between the desktop and the system core.

What you're asking for is not feasible without SELinux domains in play
or a similar comprehensive approach.
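A worked illustration of the subject/action model the two messages above are arguing about, added here and not taken from the thread or from polkit's own code. The rule function is written in the syntax of modern polkit(8) JavaScript rules files (/etc/polkit-1/rules.d/*.rules); everything around it (the `polkit` object, `makeSubject`, `evaluate`, `authorize`, the "keep" cache and the two sample processes) is a constructed stand-in so the file runs offline under node. The action id `org.example.disk.mount`, the user `alice` and the session id `c1` are invented. The point it shows is the one Nils raises: the subject a rule can inspect is a user, its groups, a pid and a session, and nothing identifies which program is asking, so a retained (`_KEEP`) authorization obtained by one process is honoured for any other process of the same user in the same session.

```javascript
// Added example, not from the thread. Only the body passed to
// polkit.addRule() is real polkit rules syntax; the rest is a toy
// harness that models how polkit evaluates rules and retains
// auth_admin_keep results, so that the file runs stand-alone.

const rules = [];

// Constructed stand-in for the global `polkit` object that polkitd
// provides to rules files. Real polkit also has YES, AUTH_SELF,
// AUTH_SELF_KEEP and AUTH_ADMIN; the three below suffice here.
const polkit = {
  Result: { NO: "no", YES: "yes", AUTH_ADMIN_KEEP: "auth_admin_keep" },
  addRule(fn) { rules.push(fn); },
};

// The rule as it would appear in a .rules file. It is keyed on the
// action id and on the subject (user/group/session); there is no
// subject attribute naming the calling application.
polkit.addRule(function (action, subject) {
  if (action.id === "org.example.disk.mount" && subject.isInGroup("wheel")) {
    return polkit.Result.AUTH_ADMIN_KEEP;
  }
  // returning undefined means "not handled", fall through to other rules
});

// Builds a subject with the attributes real polkit exposes to rules:
// pid, user, session, local, active and isInGroup(). Constructed.
function makeSubject({ pid, user, groups, session }) {
  return {
    pid, user, session, local: true, active: true,
    isInGroup: (g) => groups.includes(g),
  };
}

// Toy evaluator: the first rule that returns a result wins, as in
// polkit. Real polkit falls back to the action's .policy defaults when
// no rule answers; this stand-in simply denies.
function evaluate(action, subject) {
  for (const rule of rules) {
    const res = rule(action, subject);
    if (res !== undefined) return res;
  }
  return polkit.Result.NO;
}

// Retained authorizations, keyed on (action, session) to model the
// behaviour the thread describes: the "keep" is not tied to the
// process that entered the password.
const kept = new Set();

// Returns a short status string; `userAuthenticated` stands in for the
// authentication agent dialog succeeding.
function authorize(actionId, subject, userAuthenticated) {
  const key = actionId + "|" + subject.session;
  if (kept.has(key)) return "authorized (retained)";
  const res = evaluate({ id: actionId }, subject);
  if (res === polkit.Result.AUTH_ADMIN_KEEP) {
    if (!userAuthenticated) return "authentication required";
    kept.add(key);
    return "authorized (password entered)";
  }
  return res === polkit.Result.YES ? "authorized" : "denied";
}

// Constructed sample: two unrelated programs, same uid, same login session.
const diskTool  = makeSubject({ pid: 4242, user: "alice", groups: ["wheel"], session: "c1" });
const otherProc = makeSubject({ pid: 5151, user: "alice", groups: ["wheel"], session: "c1" });

// Walk-through: the disk tool authenticates once, then the unrelated
// process is authorized for the same action without any prompt.
console.log("disk tool, no password :", authorize("org.example.disk.mount", diskTool, false));
console.log("disk tool, password    :", authorize("org.example.disk.mount", diskTool, true));
console.log("other process          :", authorize("org.example.disk.mount", otherProc, false));
console.log("other process, action 2:", authorize("org.example.other", otherProc, false));
```

Note what the subject object does and does not carry: `subject.pid` is the only handle on the calling process, and a pid says nothing reliable about which binary is behind it, which is the gap Colin points at when he says per-application scoping needs SELinux domains or something equally comprehensive.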



