So... I am super-anti polkit in any form for terminal based programs. I would be happy to use polkit in any graphical frontend, but we don't have one in the pacman code base!

Let's break the problem down a bit.

The areas we need root:

a) package installation

The areas we should run as a dedicated user:

b) database download
c) package download
d) gpg verification (for keyring ownership)

Am I missing anything? The rest can be run as a user.

Currently, both the areas needing to be run as root and those that could be run as a dedicated user are well detected, so any operation requiring these at any stage checks for root privileges. Any operation not requiring root privileges at any stage can be run as a user. The problem is when there are combined operations!

A "quick fix" would be to boot operations b-d to separate helper binaries, with the pacman binary offloading as necessary. That removes most of our attack space.

For a more complete pacman fix, note that all root (or dedicated user) needed operations happen first in any transaction - e.g. -Syi does the "y" first, so pacman could just drop root privileges as soon as those are done. This is at the pacman level, so other libalpm frontends would need to re-invent the wheel. Which I think they mostly need to do anyway... We don't get a lot of feedback on what would help other frontends.

Allan
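The "drop root as soon as the privileged stages are done" idea above depends on two things: the privilege drop being done in the right order and verified as irreversible, and every privileged stage of a transaction coming before every unprivileged one. The following C program is an added illustration of both, not code from pacman or libalpm; the stage_t table, the stage names and the run_transaction driver are hypothetical stand-ins for the "y" and "i" parts of -Syi, and the stage bodies only count that they ran. It runs as an ordinary user by dropping to the caller's own uid/gid; as root the same code would drop to the dedicated user's ids.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* One step of a transaction, e.g. the "y" (database sync) or "i" (info)
 * part of -Syi. Hypothetical structure, not libalpm's own. */
typedef struct {
    const char *name;
    int needs_privilege;   /* 1: must run as root or the dedicated user */
    int (*run)(void);      /* returns 0 on success */
} stage_t;

/* Permanently drop to uid/gid. Order matters: supplementary groups, then
 * the primary gid, then the uid, because once the uid is no longer 0 the
 * group calls are refused. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* A real drop cannot be undone: if we can still become root, fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* The invariant the drop relies on: every privileged stage precedes every
 * unprivileged one. Returns 1 if the ordering holds, 0 otherwise. */
int privileged_stages_first(const stage_t *stages, size_t n)
{
    int seen_unprivileged = 0;
    for (size_t i = 0; i < n; i++) {
        if (!stages[i].needs_privilege)
            seen_unprivileged = 1;
        else if (seen_unprivileged)
            return 0;
    }
    return 1;
}

/* Run the stages in order, dropping privileges right before the first
 * stage that does not need them. Returns the number of stages that ran,
 * or -1 if the ordering is wrong or the drop fails. */
int run_transaction(const stage_t *stages, size_t n, uid_t uid, gid_t gid)
{
    if (!privileged_stages_first(stages, n))
        return -1;
    int dropped = 0;
    int ran = 0;
    for (size_t i = 0; i < n; i++) {
        if (!stages[i].needs_privilege && !dropped) {
            if (drop_privileges(uid, gid) != 0)
                return -1;
            dropped = 1;
        }
        if (stages[i].run() != 0)
            return ran;
        ran++;
    }
    return ran;
}

/* Constructed stand-ins for the -Syi steps; they only record that they ran. */
static int sync_ran, info_ran;
static int stage_sync_db(void) { sync_ran++; return 0; }
static int stage_info(void)    { info_ran++; return 0; }

static const stage_t syi_stages[] = {
    { "y: refresh package databases", 1, stage_sync_db },
    { "i: print package info",        0, stage_info },
};
/* Wrong order: a privileged stage after an unprivileged one cannot work
 * once root has been dropped, so the driver refuses it up front. */
static const stage_t bad_stages[] = {
    { "i: print package info",        0, stage_info },
    { "y: refresh package databases", 1, stage_sync_db },
};

int main(void)
{
    /* Demonstrate with the caller's own ids so it runs unprivileged. */
    int n = run_transaction(syi_stages, 2, getuid(), getgid());
    printf("ran %d stage(s), sync=%d info=%d\n", n, sync_ran, info_ran);
    return n == 2 ? 0 : 1;
}
```

The check in drop_privileges that setuid(0) fails afterwards is the part most often skipped in real code: setuid() on a process that still has a saved set-user-ID of 0 may only change the effective uid, leaving root recoverable. Refusing a transaction whose stage order violates the invariant, rather than silently running a privileged stage after the drop, is what makes the "drop after the y" rule safe to rely on.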