On Fri, Dec 15, 2017, at 5:19 PM, Ruixin Bao wrote:
> Hello,
>
> I was wondering if it is possible to have a configuration set so that
> both /usr/share/polkit-1/actions/xx.policy and /usr/local/share/
> polkit-1/actions/xx.policy
> files can get recognized?
I'm not opposed to this...but I fee
Based on some (long ago now) in-person discussion with the previous polkit
maintainer:
the JS backend was added for a reason from a real-world nontrivial in size
desktop deployment.
That said I don't have contact with them myself and unfortunately the original
commit
aeb2b50a7b0ed1411df81790231c
On Mon, Dec 12, 2016, at 11:08 AM, Jeremy Linton wrote:
>
> Yes, moving forward to mozjs24 remains a good medium term plan. Primary
> because js 1.8.5 and mozjs17 need to go.
I suspect the gjs -> mozj24 dependency has driven it into most distributions
now,
and what gjs does (and for that matter
On Mon, Dec 12, 2016, at 10:48 AM, Jeremy Linton wrote:
> Hi,
>
> On 12/12/2016 09:18 AM, Colin Walters wrote:
> > On Fri, Aug 26, 2016, at 02:01 PM, Jeremy Linton wrote:
> >> The JSAPI is now a full C++ interface. Convert the polkit
> >> to JavaScript inter
On Mon, Dec 12, 2016, at 10:48 AM, Jeremy Linton wrote:
> Hi,
>
> On 12/12/2016 09:18 AM, Colin Walters wrote:
> > On Fri, Aug 26, 2016, at 02:01 PM, Jeremy Linton wrote:
> >> The JSAPI is now a full C++ interface. Convert the polkit
> >> to JavaScript inter
On Fri, Aug 26, 2016, at 02:01 PM, Jeremy Linton wrote:
> The JSAPI is now a full C++ interface. Convert the polkit
> to JavaScript interface module to C++ compilation in order to
> support newer versions of spidermonkey.
Ok, https://bugs.freedesktop.org/show_bug.cgi?id=97763 was
fixed, so I went
Just a note, me applying any patches to polkit is blocked on
https://bugs.freedesktop.org/show_bug.cgi?id=97763
I took a quick look through the patches and they seemed
fine to me. It's definitely worth making forward progress
on this, maybe one of the other people with commit
access can apply the
On Thu, Aug 18, 2016, at 11:38 AM, Jeremy Linton wrote:
> The #ifdefs definitely restrict the code flow. The more recent versions
> of JSAPI lean heavily on a RAII/construction model for rooting objects
> in the GC. So, removing them helps clear the way for reworking the code
> flow to fit wel
On Thu, Aug 4, 2016, at 12:57 PM, Jeremy Linton wrote:
> Polkit is out of date with respect to supported versions of mozjs. These
> patches start moving polkit forward again. Right now they are just to
> mozjs24 which is one of the first C++ only JSAPI versions of spidermonkey
> and is a good sta
On Sat, Feb 27, 2016, at 07:01 AM, Jean-Philippe Guillemin wrote:
> Hi, Many X applications require root privileges, but at the same time
> want to keep the original $USER env variable
Isn't the more correct precedent for this the `SUDO_USER`
environment variable?
_
On Tue, Sep 8, 2015, at 01:37 PM, Simon McVittie wrote:
(Snip rest of discussion about JS for now)
> I think the major concern, apart
> from mozjs' footprint and the fact that mozjs > 1.8.5 is such a moving
> target API-wise, is that sysadmins' local .pkla files (if any) would be
> ignored after
On Wed, Aug 12, 2015, at 11:28 PM, Jasper St. Pierre wrote:
> For performance reasons related to boot speed on our platform, today I
> ported polkit to use Duktape.
A notable pain I see here is that in dropping mozjs support, it will effectively
force a branch, and that will in turn complicate s
On Thu, Jun 4, 2015, at 09:20 AM, Colin Walters wrote:
>
> But I'd be most comforatable if we did *both* "uid binding" and "secret
> cookie".
Ok, updated patches are in:
https://bugs.freedesktop.org/show_bug.cgi?id=90837
https://bugs.freedesktop.org/show_bug.c
On Thu, Jun 4, 2015, at 07:49 AM, Miloslav Trmač wrote:
> Hello,
> > I'm still thinking about stronger approaches. I think the strongest thing
> > we
> > could do would be to enforce the binding of cookie -> agent. Given that
> > there can be at most one agent per uid
>
> No, it is per sessio
On Wed, Jun 3, 2015, at 05:22 PM, Colin Walters wrote:
> Or should I just revert it?
I ended up pushing a revert, as I wanted to cleanly investigate other options.
> # Idea 1: Pass and verify uid
> - Add a new API AuthenticationAgentResponse2 which also takes a uint32 uid.
> - C
On Wed, Jun 3, 2015, at 03:40 PM, Miloslav Trmač wrote:
>
> Isn’t this a privilege escalation actually?
>
> Mallory creates creates auth_admin* sessions for all possible cookie values,
> and waits for Alice to (or social-engineers Alice to) create a new auth_admin
> session for an unrelated p
Hi Tavis,
(By the way, thanks for all of your work in security research)
On Fri, May 29, 2015, at 02:00 PM, Tavis Ormandy wrote:
> Hello, I've been browsing the reference code and have a question about
> how the session cookies are maintained. It looks like the cookie
> generator can wrap and two
Hi,
On Wed, Jun 3, 2015, at 09:40 AM, Philip Withnall wrote:
> Hi Colin,
>
> On Sat, 2015-05-30 at 09:36 -0400, an unknown sender wrote:
> > On Fri, May 29, 2015, at 02:08 PM, Tavis Ormandy wrote:
> > > Hello, I've noticed polkitd dumps core if you set an invalid object
> > > path when calling Re
anks for the report. Can someone review this patch?
I suppose this'll need a CVE, as local, authenticated users can
can DoS polkitd.
I also updated your test program to properly handle errors,
new version attached.
From 9e074421d5623b6962dc66994d519012b40334b9 Mon Sep 17 00:00:00 2001
From:
On Fri, Aug 29, 2014, at 07:42 AM, Stuart Longland wrote:
> Hi all,
> On 28/08/14 11:20, Stuart Longland wrote:
> > My research into this has suggested I need to make use of the
> > PolkitAgentTextListener:
> > http://www.freedesktop.org/software/polkit/docs/0.105/PolkitAgentTextListener.html
> >
Kalev, what's the status of this? I was thinking about doing a new
polkit release.
___
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/polkit-devel
On Fri, Apr 4, 2014 at 4:03 PM, Kalev Lember
wrote:
Hi all,
I took a stab at porting polkit to mozjs24 today. It builds fine and
successfully loads the rule files in my (admittedly very limited)
testing so far.
\o/
Should I try and keep mozjs 186 and 17 and 24 support with ifdefs, or
would
Hi,
On Thu, 2013-10-17 at 15:45 -0700, Rob Frohne wrote:
> I'm using Ubuntu 13.10 and more details can be seen at the bug report
> I made here.
>
> frohro@frohro-e6410:~
> $ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
>
> (polkit-gnome-authentication-agent-1:7734): polkit-gnom
On Mon, 2013-10-28 at 17:05 +, Colin Guthrie wrote:
> Leaving aside all comments regarding nspawn and such, is there a way for
> pkexec to automatically detect if the user is already root and avoid the
> dbus round trip and just assume things are authorised? This might be
> dangerous in some o
Hi Michael,
On Thu, 2013-09-19 at 13:06 +0200, Michael Biebl wrote:
> Hi Miloslav,
>
> regarding CVE-2013-4288, do youd which versions of polkit are affected
> by this issue?
> Since the changelog talks about deprecating racy APIs, does that mean,
> polkit clients need to be updated as well for t
25 matches
Mail list logo
