> > Policykit's configuration is yet another pseudo-language you have to > > learn unless you can get rid of it, which is hard to do completely :-( > > > > Didier > > Ok. Thanks. I'll dig in that direction. Based on this and many other > incidents, policykit seems to be a big, gaping security hole.
Yup, it is a major security risk. Polkitd links in an xml parser, the perl compatible regular expression library and the gobject infrastructure of gtk. That adds a zillion lines of code to many security-critical applications and increases the attack surface in the same proportion. It also makes it harder to trim down the minimal-server installation ... regards marc _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng