> >
> > How about uncommenting a line that does so. All you are buying into is
> > a default setup.
> 
> App authors don't ship configs like that though. Does apt ship a sudo
> config? Does anything?

Perhaps you missed my opening message on this topic, except it was in
your first reply.

__________________________________________________________________

I remember reading a while back that distros had some blunders in
writing secure sudoers files and so it was emptied. Is that true?

I still assert that apps adding groups with NOPASSWD sudoers lines
perhaps even commented out by default in all or some cases is far
better than polkit for many reasons. Any counter argument can apply
to sudo too and rather easily.
____________________________________________________________________

> The nice thing about (really dbus, not so much polkit per se) is that
> I can offer a nice API for applications that is not command line
> based. No parsing strings, no 'oh this tool writes to stderr, that one
> writes to stdout, I need to ignore these lines...)
> 

What is wrong with sed? And you can simply echo files in some sudoers.d
config. What kind of unix dev cannot handle text strings?

That is one of the problems with it too, especially if polkit becomes
overused, and perhaps this is below the belt but it's certainly true
that IPC has caused Android more than enough security issues.

> >
> >> I don't understand 'the APIs that coders will learn instead of C.' Can
> >> you elaborate? Polkit has a C api...
> >>
> >
> > It has an api that is simply not needed? Small tools are better.
> 
> You prefer the commandline api? (one byte for return values, half of
> which are signals)
> 

What's the problem there? I have already stated some of the very
important benefits.

> >
> >> I don't understand how the code will 'not be well designed to the
> >> application at hand.' I mean ideally the API and the CLI are
> >> essentially just wrappers around the same library of functions.
> >>
> >
> > If you search for sites that evaluate polkit you will see that it is
> > considered to encourage granting more permissions than necessary rather
> > than coding a specific tool.
> 
> Hah, because no one uses sudo to grant extraordinarily broad permissions.
> 

They do, but it encourages them not to and not vice versa and they can
easily customise the default rule to say emerge -moresecurethandefault

Win Win and a couple more Wins in fact

> >
> >> It's unclear how polkit is 'hard'. Now it *is* new, and I will concede
> >> you will have to read some manpages. However I don't think the
> >> concepts are difficult.
> >
> > Man pages won't help with polkit and it actually generally ships with no
> > configs by default.
> 
> In Ubuntu Precise..

You still have to do way more than commenting or editing a file to
restrict the default further, aka it's unlikely to happen.

> 
> All of this is explained in man polkit.
> 

And pkauthority and and .... How will that help when, as I have
mentioned, a coder's comments aren't even sure exactly what the code
permits.

> >
> > I know about pkaction, the problem is that the actions tells you next to
> > nothing about what is actually allowed. I haven't time to dig out one
> > of the ridiculous comments from the source now unfortunately. With
> > small tools it's much better all round.
> 
> Really? Please enumerate what giving someone access to 'emerge' can do.
> 

Exactly, you see man emerge and grepping the source does work perfectly
well there. You could make myemerge pretty quick too.


> 
> No one maintains the sudo wrappers though. Someone maintains the
> polkit actions. That someone also happens to be the upstream author.
> 

That's what I am asking, is there any reason not to as it would be
better? No reason has come up yet?


> >
> >> Is the polkit maintainer any less 'trustworthy' than the gnome
> >> maintainers? the kde maintainers? the kernel maintainers? At the end
> >> of the day my machines are running software from thousands of
> >> contributors.
> >>
> >
> > I think that has been demonstrated and we are talking about root code
> > and sudo is never running as such.
> 
> I don't follow...
> 

It is certainly far easier to exploit polkit than sudo with a decent
sudoers of course for multiple reasons.



-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
_______________________________________________________________________
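
Added example, not part of the original message: a small auditor for the kind of sudoers.d drop-in discussed above (per-application groups with NOPASSWD lines, possibly shipped commented out), flagging the grants that are broader than a specific command line. It handles only a simplified subset of the sudoers grammar, and the group names and commands in the sample are constructed.

```python
import re

# Constructed sample drop-in; groups and commands are illustrative only.
SAMPLE = """\
# %portage ALL=(root) NOPASSWD: /usr/bin/emerge --sync
%portage ALL=(root) NOPASSWD: /usr/bin/emerge --sync
%wheel ALL=(ALL) NOPASSWD: ALL
%backup ALL=(root) NOPASSWD: /usr/local/bin/backup-*, \\
    /bin/tar
alice ALL=(root) /usr/bin/emerge
"""

# Simplified user specification: who host = (runas) [TAG:] cmd[, cmd...]
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")

def audit(text):
    """Return (who, command, reason) for each overly broad NOPASSWD grant."""
    findings = []
    joined = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out rule grants nothing until enabled
        m = RULE.match(line)
        if not m:
            continue
        nopasswd = False
        for item in m["cmds"].split(","):
            item = item.strip()
            # Tags persist for the commands that follow them in the list.
            while (t := re.match(r"([A-Z_]+):\s*", item)):
                if t[1] == "NOPASSWD":
                    nopasswd = True
                elif t[1] == "PASSWD":
                    nopasswd = False
                item = item[t.end():]
            if not nopasswd:
                continue
            if item == "ALL":
                reason = "any command without a password"
            elif any(c in item for c in "*?["):
                reason = "wildcard in command"
            elif " " not in item:
                # sudoers: a command listed without arguments allows any arguments
                reason = "no argument restriction"
            else:
                continue
            findings.append((m["who"], item, reason))
    return findings
```
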
