[arch-general] netcfg wlan connection renewal

Fons Adriaensen fons at linuxaudio.org
Thu Sep 29 04:25:06 EDT 2011


On Wed, Sep 28, 2011 at 06:14:24PM -0500, C Anthony Risinger wrote:

> On Sep 28, 2011 3:53 PM, "Tom Gundersen" <teg at jklm.no> wrote:

> > The way it works is that both the frontend (the unprivileged process,
> > e.g. the GUI for setting your timezone) and the backend (the
> > privileged process, e.g. the app that writes the timezone data to
> > /etc/localtime) interface with PK. The backend will ultimately be the
> > one deciding who should be allowed to do what under which conditions,
> > PK is just the interface that lets this be done in a uniform way.
> 
> The process is similar for libvirt -- when the policy is "unix perms only"
> having r/w access to the control socket is enough to authorize.  However,
> when polkit is in use (the default) the socket is world writable simply
> because anyone *could* be authorized to use it (you could still use fs perms
> if you wanted) ... but all requests must be approved by polkit anyway, and
> at no time are you really exposing anything -- all configs/etc are never
> directly malleable or even disclosed.

Thanks to both of you, but I still must be missing something.

For example, when I insert a USB stick on my machine and
try to mount it as a normal user I get a reply that only
root can do that. That's what I actually want (there are
some exceptions in /etc/fstab for my own sticks, which
are identified by UUID).

Yet some Gnome/KDE desktop apps are able to mount even when
running for a normal user, when PK agrees (which in my eyes
is a subversion of a policy set by the sysadmin). How do they
do this if neither 'mount' nor the syscalls used by it take
any notice of PK (thank $GOD for that) ?

The only way I can imagine ATM is that such environments have
a collection of small suid programs or daemons (all talking
to PK) that do the work, and that PK is there to allow these
to be separate from the main apps which require the service.

If things work that way I'd say these are mafia tactics :-)

1. Make sure you have a number of corrupt police officers,
   judges, etc. (the privileged proxies or daemons),
2. Use them to impose your own laws (PK) instead of those
   of civil society (the system).

In that case the real security threat is (1), not (2).

Ciao,

-- 
FA
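
The frontend/backend split discussed in this thread, as an added example that is not part of the original message or of polkit: a privileged backend takes a request over a Unix socket, identifies the caller from kernel-supplied peer credentials, and only then decides. Assumptions: Linux (`SO_PEERCRED`), a constructed policy dict standing in for polkit, and a hypothetical action name `example.mount-removable`.

```python
import socket
import struct

def peer_uid(conn):
    """Return the caller's uid as reported by the kernel (Linux SO_PEERCRED).
    The client cannot forge this value; nothing it sends is used as identity."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", raw)
    return uid

def authorize(policy, action, uid):
    """Policy decision point. Default deny: unknown actions are refused."""
    return uid in policy.get(action, set())

def handle_request(conn, policy):
    """Backend side: being able to connect to the socket grants nothing by
    itself; every request is checked before any privileged work would run."""
    action = conn.recv(256).decode("utf-8", "replace").strip()
    uid = peer_uid(conn)
    ok = authorize(policy, action, uid)
    verdict = "OK" if ok else "DENIED"
    conn.sendall(f"{verdict} uid={uid} action={action}".encode())
    return ok

def demo(policy):
    """Run one frontend request against the backend inside a single process.
    A socketpair stands in for the backend's listening socket."""
    frontend, backend = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with frontend, backend:
        frontend.sendall(b"example.mount-removable")  # unprivileged side asks
        decision = handle_request(backend, policy)    # privileged side decides
        return decision, frontend.recv(256).decode()

if __name__ == "__main__":
    import os
    me = os.geteuid()
    # Constructed policies: one that lists the caller, one that does not.
    print(demo({"example.mount-removable": {me}}))
    print(demo({"example.mount-removable": set()}))
```

The second call is denied even though the caller could open the socket, which is the property described for libvirt's world-writable control socket.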
