On 1/28/22 05:41, Lennart Poettering wrote:
> On Mi, 26.01.22 14:21, Adam Williamson (adamw...@fedoraproject.org) wrote:
> 
>> The issue and some of the comments around it prompted me to wonder -
>> why is `pkexec` still a thing? Particularly, why is it still a thing we
>> are shipping by default in just about every Fedora install?
> 
> I don't think there's too much wrong with pkexec. It's like sudo but
> with a much smaller, tighter footprint, with a hookup to interactive UI
> stuff. I am pretty sure many cases where sudo is used right now would
> actually benefit from using pkexec instead.
> 
> I mean, polkit has some issues, but I am pretty sure that "pkexec" is
> not what I'd consider the big problem with it. Or to say this
> differently: the whole concept of tools like
> su/sudo/setpriv/runuser/suid binaries is questionable: i.e. I am
> pretty sure we'd be better off if we would systematically prohibit
> acquiring privs through execve(), and instead focus on delegating
> privileged operations to IPC services — but of course that would be
> quite a departure from traditional UNIX.

Agreed.  With S_ISUID and S_ISGID, the default is to inherit the entire
(untrusted!) caller environment, and the privileged process must sanitize
it.  With an IPC service, the default is to not inherit any of the
environment, and only parts of the environment that are specifically
set are passed on.

As an aside, can Linux and/or glibc please disallow passing a NULL
argv[0]?  I would honestly be okay with glibc just crashing the process
during startup if argv[0] is NULL or empty.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
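
Added example, not part of the original message and not code from polkit or glibc: a sketch of the startup checks a setuid/setgid program has to do for itself, rejecting a NULL or empty argv[0] and rebuilding the environment from an allowlist rather than inheriting it. The allowlist, the fixed PATH value and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allowlist: the only inherited variables that are kept. */
static const char *const KEEP[] = { "LANG", "TERM", "TZ" };
#define NKEEP (sizeof KEEP / sizeof KEEP[0])
static const char SAFE_PATH[] = "PATH=/usr/sbin:/usr/bin"; /* assumed value */

/* True only if argv[0] exists and is non-empty (argc == 0 is rejected). */
int argv_is_sane(int argc, char *const argv[])
{
    return argc >= 1 && argv != NULL && argv[0] != NULL && argv[0][0] != '\0';
}

/* Index of the allowlisted name matching entry[0..namelen), or -1. */
static int keep_index(const char *entry, size_t namelen)
{
    for (size_t i = 0; i < NKEEP; i++)
        if (strlen(KEEP[i]) == namelen && memcmp(entry, KEEP[i], namelen) == 0)
            return (int)i;
    return -1;
}

/* Fill out[] with a fixed PATH plus the first occurrence of each allowlisted
 * variable from the untrusted in[]. Returns the entry count, or -1 if out[]
 * (cap slots, including the NULL terminator) is too small. */
long build_clean_env(char *const in[], const char *out[], size_t cap)
{
    size_t n = 0;
    unsigned seen = 0;              /* bit k set once KEEP[k] has been copied */
    if (cap < 2) return -1;
    out[n++] = SAFE_PATH;           /* never trust the caller's PATH */
    for (size_t i = 0; in != NULL && in[i] != NULL; i++) {
        const char *eq = strchr(in[i], '=');
        if (eq == NULL || eq == in[i]) continue;        /* malformed entry */
        int k = keep_index(in[i], (size_t)(eq - in[i]));
        if (k < 0 || (seen & (1u << k))) continue;      /* unlisted or duplicate */
        if (n + 1 >= cap) return -1;
        seen |= 1u << k;
        out[n++] = in[i];
    }
    out[n] = NULL;
    return (long)n;
}

int main(int argc, char *argv[])
{
    extern char **environ;
    const char *clean[NKEEP + 2];
    if (!argv_is_sane(argc, argv) || build_clean_env(environ, clean, NKEEP + 2) < 0)
        abort();                    /* fail closed before any privileged work */
    return 0;                       /* privileged code would use clean, not environ */
}
```

An IPC service needs none of this, because nothing from the caller's argv or environment reaches it unless the request explicitly carries it.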
