[Pkg-utopia-maintainers] Bug#526854: hal: HAL should not require PolicyKit

Fredrik Tolf fredrik at dolda2000.com
Mon May 4 18:41:14 UTC 2009


On Mon, 2009-05-04 at 09:52 +0200, Michael Biebl wrote:
> > 
> > I have not researched it in detail yet, so I don't really know if it's a good
> 
> So you are basing your request on FUD?

I don't think so. What I meant by "not researching" was whether the
solution of splitting it into two packages would be plausible.

As for my wider argument, I may be wrong somewhere along the line, but
please correct me if that is so. My argument is this:

First, as far as I know, PolicyKit is essentially a system for granting
privileges to a user which he would not have without it. In other words,
depending on the configuration of PolicyKit, a user may be allowed to do
things he would not be allowed to without it [see note 1].

Second, the configuration and operation of PolicyKit is not well-known,
unlike normal Unix security.

Third, Debian previously used ordinary Unix groups to assign various
HAL-related privileges to users. Everyone knows how Unix groups work; if
a user wasn't a member of any particular groups, he would be granted no
unexpected privileges.

Thus, I think it is a bad idea to install PolicyKit by default: With
PolicyKit, I don't even know how permissions are granted to users. I
know that it's supposed to authenticate through PAM, but I have not yet
found any information on how it actually authorizes the authenticated
users for the various permissions it can grant.

Note, also, the following remark from the PolicyKit(8) manpage: "TODO:
This manual page should contain a simple introduction to PolicyKit for a
system administrator audience. Remains to be written." The same manpage
points to /usr/share/doc/policykit for more information, but it only
contains a README explaining why various policykit programs have the
file modes they do, and nothing about how to administer PolicyKit
itself.

That is my conclusion. Please tell me if I'm wrong somewhere along the
line.

Fredrik Tolf

--

Note 1: Parenthetical remark -- As such, PolicyKit, as a security
system, differs from systems like SELinux which only remove privileges a
user would otherwise have, and which therefore do not create any new
vectors for doing privileged operations,






