On 30.03.2018 at 04:36, Christoph Anton Mitterer wrote:
> Hi.
>
> I was just looking into the polkit documentation on how to override the
> defaults of actions... but that seems not to be easily possible.
> Perhaps someone here can help me :-)
>
>
> Unfortunately we've had a security incident at the institute, in which
> a user was granted quite arbitrary access to disks.
> The reason seems to be that udisks' default policy allows any "local"
> users pretty vast access (powering off, editing/deleting partitions,
> etc.) on devices it doesn't consider to be system devices.
>
> No idea how it decides what a system disk is, but anything connected
> via USB doesn't seem to be.
>
> This alone is IMO a grave security hole, but getting it fixed is
> probably fighting windmills, as there seems to be a clear direction
> towards the simple-desktop-system model, i.e. one user, computer anyway
> fully physically accessible to any user sitting in front of it.
>
> Real world is of course different, in our case users don't have full
> physical access to the computer (except screen, keyboard and the like)
> ... and some "system disks" are connected via internal USB bridge.
> By that the system could be compromised (well luckily in this case
> there were no bad intentions but just "accidentally" breaking things).
>
>
> Long story short, I'd like to fix all the polkit/udisks permissions for
> at least our systems.
>
>
> Now there seems to be only little documentation (basically the
> polkit-html manual) that deals with what one would want to do in real
> world cases. :-(
>
>
> AFAIU, it's apparently not possible to override the policy files
> themselves, but only to create rules files, which kinda refine the
> policy, right?
>
>
> What I'd basically want is to say for e.g. all udisk actions, that at
> least admin-authentication is needed... *but*, ideally, if some
> existing policy or rules file allows for root or other special groups
> (I think in Debian sudo-group members) to proceed without
> password-authn, then this should be kept.
>
> Maybe I just don't see it, but this doesn't seem possible.
> I can override the actions to e.g. demand for auth_admin, but then I'll
> also override any auth_admin_keep or e.g. "yes" for root (but not
> users).
>
> Is this somehow cleanly possible? :-) I guess it would also be worth
> putting something like this into README.Debian.
> I.e. override to require admin_auth for non-admin-users, but retain any
> yes/admin_auth_keep/etc. for admin-users.
>
>
> The next thing is: Debian seems to be stuck at some pretty old version
> of polkit?
> 0.105 in contrast to 0.113 upstream? And the customisation via rules in
> some creepy JavaScript as done in upstream 0.113 seems to not be
> available in 0.105... and the pklocalauthority thing seems to be gone
> from the current upstream?
> Is the current version going to Debian sooner or later?

No current plans to upload the JavaScript/mozjs based version to unstable.

> And how should one write/override rules for polkit in Debian?

You might have a look at
https://packages.ubuntu.com/search?keywords=policykit-desktop-privileges
Instead of locking down, those rules open the default policy

Michael

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
_______________________________________________
Pkg-utopia-maintainers mailing list
Pkg-utopia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-utopia-maintainers