Networking and the firewall (Was Re: Isn't it time for the encrypted file system???)

Peter Jones pjones at redhat.com
Thu Mar 30 21:00:13 UTC 2006


On Thu, 2006-03-30 at 12:44 -0500, Matthew Miller wrote:
> On Thu, Mar 30, 2006 at 11:54:54AM -0500, David Zeuthen wrote:
> > No, my view is that consolehelper is fundamentally flawed. Now that we
> > have something like D-BUS there is absolutely no reason, apart from
> > laziness, that you ever want to run X11 programs as root or another user.
> > Think for a minute about just how much code runs with root. Not to
> > mention desktop integration issues [1].
> 
> Well, having this would allow the existing consolehelper to take the place
> of the "polkit-su" tool you mention in
> <http://lists.freedesktop.org/archives/hal/2006-March/004770.html>. So
> instead of having a new thing, consolehelper could auth to access your
> 'polkit' user.
> 
> It seems better to me to make this rather small change to consolehelper
> rather than to make yet another tool from scratch. Maybe I'm missing
> something important, though -- that often happens. :)

The point is that "a tool to run things as root" is an awful design
choice.  The thing it's trying to solve is "a way for users who have
administrative permissions to do administrative tasks".

It used to be that our main model for doing this was "allow $USER to run
$PROGRAM as root", which is the consolehelper and sudo way.  But we had
another one too -- USERCTL in network scripts.

With dbus, we can take the USERCTL way another step forward.  And in
fact we have -- this is essentially the NetworkManager model.  NM does
the network configuration, but nm-applet has no such permissions.  And
unlike e.g. sudoers, the interface between nm-applet and NM doesn't lend
itself to unconstrained exploits.

-- 
  Peter
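
The USERCTL-style model from the message above, as an added example that is not part of the original post or of any Fedora tool: a privileged broker that accepts only "up" or "down" for an interface whose config opts in, instead of running a caller-chosen program as root. The function names, the sample configs, and the rule that `yes`/`true` enables USERCTL are assumptions made for illustration.

```python
import re

# Constructed sample configs in the KEY=value style of ifcfg files.
SAMPLE_CONFIGS = {
    "eth0": "DEVICE=eth0\nONBOOT=yes\nUSERCTL=no\n",
    "ppp0": 'DEVICE=ppp0\nONBOOT=no\nUSERCTL="yes"\n',
}

ALLOWED_OPS = {"up", "down"}  # the entire request vocabulary
# Starts alphanumeric, no '/', at most 15 characters (hypothetical policy).
IFACE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}")


def parse_ifcfg(text):
    """Parse KEY=value lines as data; nothing is sourced or executed."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def authorize(op, iface, configs=SAMPLE_CONFIGS):
    """Return (allowed, reason) for an unprivileged caller's request."""
    if not isinstance(op, str) or op not in ALLOWED_OPS:
        return False, "unknown operation"
    if not isinstance(iface, str) or not IFACE_RE.fullmatch(iface):
        return False, "invalid interface name"
    text = configs.get(iface)
    if text is None:
        return False, "no such interface"
    if parse_ifcfg(text).get("USERCTL", "no").lower() not in ("yes", "true"):
        return False, "interface is not user-controllable"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: one legitimate, the rest must be refused.
    for req in [("up", "ppp0"), ("down", "eth0"),
                ("up", "../../etc/shadow"), ("exec", "ppp0"),
                ("up", "ppp0; id")]:
        print(req, "->", authorize(*req))
```

The caller never supplies a command line or a path, so the only thing a compromised client can ask for is what the interface's own config already permits.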



