[Pkg-utopia-maintainers] Bug#812153: Bug#812153: Bug#812153: Bug#812153: policykit-1: allows ordinary users to mount filesystems

Christoph Anton Mitterer calestyo at scientia.net
Thu Jan 21 03:53:40 UTC 2016


On Thu, 2016-01-21 at 04:32 +0100, Michael Biebl wrote:
> Right, since we had removable media 30 years ago.
No but mounting filesystems.


> In such a very specialised situation you can easily lock down the
> configuration. For such a setup you will most likely need custom
> configuration anyway to be secure.
> A default configuration needs to usable by the majority of users.
The problem with that is:
AFAIU, when I override polkit rules, that it's really just the specific
rule that are overriden... and no the whole config file e.g.
org.freedesktop.udisks2.policy

While this makes at first since of course, it also means that one have
no real chance to go back to sane permissions unless one would track
any single change of /usr/share/polkit-
1/actions/org.freedesktop.udisks2.policy.
Of course one can override all rules that are there right now, but new
properties get added or existing ones removed, and then one's back to
insecure-per-default settings.


> There is no "real issue".
Maybe not for you, others may have tighter security constraints,
though. E.g. I wouldn't want to have everyone-may-access-everything
just it may seem convenient for some people and they set up their
systems like this.


>  Point.
> You are making a big fuss for nothing and wasting everyones time,
> mine
> included. I'm not willing to tolerate that.
Uhm I had understood that before.
Not-an-issue-for-you plus threatening people for whom it is - bug
solving by oppression (guess I should try that at the institute as well
=) ),...
So no need to point out and praise your position of power again.

Anyway,.. the bug is closed as you enforced it,.. perhaps it should be
marked wontfix?

Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5930 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20160121/b023e516/attachment-0001.bin>


More information about the Pkg-utopia-maintainers mailing list