[Pkg-utopia-maintainers] Bug#526854: Bug#526854: hal: HAL should not require PolicyKit

Michael Biebl biebl at debian.org
Mon May 4 19:06:51 UTC 2009


Fredrik Tolf wrote:
> On Mon, 2009-05-04 at 09:52 +0200, Michael Biebl wrote:
>>> I have not researched it in detail yet, so I don't really know if it's a good
>> So you are basing your request on FUD?
> 
> I don't think so. What I meant by "not researching" was whether the
> solution of splitting it into two packages would be plausible.
> 
> As for my wider argument, I may be wrong somewhere along the line, but
> please correct me if that is so. My argument is this:
> 
> First, as far as I know, PolicyKit is essentially a system for granting
> privileges to a user which he would not have without it. In other words,
> depending on the configuration of PolicyKit, a user may be allowed to do
> things he would not be allowed to without it [see note 1].

Well, that is also true for the group based approach that was previously used in
HAL, just much more coarse grained and less flexible and dynamic.

> Second, the configuration and operation of PolicyKit is not well-known,
> unlike normal Unix security.

That basically reads like you are missing proper documentation.
Have you installed policykit-doc and read the documentation provided there (best
read with devhelp)?

But certainly documentation can always be improved.

> Third, Debian previously used ordinary Unix groups to assign various
> HAL-related privileges to users. Everyone knows how Unix groups work; if
> a user wasn't a member of any particular groups, he would be granted no
> unexpected privileges.

We invented groups like plugdev/netdev/powerdev in HAL, to control access to the
HAL D-Bus service. Yet the exact meaning of those groups is very vague (or can
you tell me which privileges you exactly get by being a member of e.g. group
plugdev?) This is now replaced with PolicyKit. With the HAL policykit
configuration file (you can inspect the HAL PolicyKit configuration with
polkit-gnome-authorization), it is much clearer (and documented) what privileges
are granted.

Again, the group-based approach is less flexible, too coarse grained, not
dynamic and not scalable. Thus PolicyKit is a definite improvement (security-wise).

What I miss from your arguments are solid, technical reasons why PolicyKit is,
as you put it, "a bad idea".


Cheers,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
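The message above contrasts group membership (which records who belongs to plugdev or netdev but not what that buys them) with a PolicyKit configuration that states per action what a session is granted by default. The following is an added example, not code from the bug report, HAL or PolicyKit: it parses a constructed policy file in the XML format PolicyKit 0.9 used in 2009 (`<action id=...>` with `<defaults>` containing `allow_any`, `allow_inactive`, `allow_active`) and lists which actions an active console session gets without any authentication, then reads a constructed /etc/group excerpt to show that membership alone carries no comparable statement. The action ids, descriptions, users and groups in the samples are illustrative and do not reproduce HAL's real policy.

```python
"""Compare what a PolicyKit 0.9 policy file states about privileges with
what /etc/group states about them.

Added example, not from the bug report or HAL. The policy document and the
/etc/group excerpt below are constructed; the action ids are illustrative.
"""
import xml.etree.ElementTree as ET

# Constructed sample in the PolicyKit 0.9 policy-file format.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<policyconfig>
  <vendor>Example Project</vendor>
  <action id="org.example.storage.mount-removable">
    <description>Mount file systems from removable drives.</description>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.storage.mount-fixed">
    <description>Mount file systems from internal drives.</description>
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep_always</allow_active>
    </defaults>
  </action>
  <action id="org.example.power.suspend">
    <description>Suspend the system.</description>
    <defaults>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

# Constructed /etc/group excerpt: records membership only, nothing about
# what a member of plugdev or netdev is thereby allowed to do.
SAMPLE_GROUP = """root:x:0:
plugdev:x:46:alice,bob
netdev:x:108:alice
powerdev:x:109:
"""

DEFAULT_KEYS = ("allow_any", "allow_inactive", "allow_active")


def parse_policy(xml_text):
    """Return {action_id: {"description": str, "defaults": {key: value}}}.

    A missing <allow_*> element is reported as "no": with no element
    present, nothing is granted for that session state.
    """
    root = ET.fromstring(xml_text)
    actions = {}
    for action in root.iter("action"):
        action_id = action.get("id")
        desc = action.findtext("description", default="").strip()
        defaults = {}
        for key in DEFAULT_KEYS:
            value = action.findtext("defaults/" + key)
            defaults[key] = value.strip() if value is not None else "no"
        actions[action_id] = {"description": desc, "defaults": defaults}
    return actions


def actions_granted_without_auth(actions, session="allow_active"):
    """Action ids whose default for the given session state is a plain
    'yes', i.e. granted with no authentication dialog at all."""
    return sorted(a for a, info in actions.items()
                  if info["defaults"][session] == "yes")


def parse_groups(group_text):
    """Return {group_name: [members]} from /etc/group-style lines."""
    groups = {}
    for line in group_text.splitlines():
        if not line.strip():
            continue
        name, _passwd, _gid, members = line.split(":", 3)
        groups[name] = [m for m in members.split(",") if m]
    return groups


def groups_of(groups, user):
    """Supplementary groups a user belongs to; the list says nothing
    about which privileges those groups confer."""
    return sorted(g for g, members in groups.items() if user in members)


if __name__ == "__main__":
    actions = parse_policy(SAMPLE_POLICY)
    for aid, info in sorted(actions.items()):
        print(aid, info["defaults"])
    print("active session, no auth needed:",
          actions_granted_without_auth(actions))
    groups = parse_groups(SAMPLE_GROUP)
    print("alice is in:", groups_of(groups, "alice"),
          "(what that permits is not recorded in /etc/group)")
```

Running the script lists each action with its three defaults and reports the two actions an active session can invoke without authentication, while the group report can only say that alice is in netdev and plugdev. Treating an absent `allow_*` element as "no" is the conservative reading; an auditor checking a real policy directory would apply the same parser to each `.policy` file there.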
