2011/1/17 David Zeuthen :
> Sorry for not replying until now - I've been traveling.
You did not even reply on my last e-mail from 9th December 2009.
>In fact, with the way PolicyKit is
> designed, the authentication agent can easily run on a *separate*
> device. For example a usb-attached device w
As far as I know:
* The authentication agent (e.g. PolicyKit-gnome) allows to enter a
password without being spoofed, provided that you've somehow verified
that it's the real dialog (a secure attention key, e.g. Ctrl+Alt+Del,
is not implemented). In contrast it's not able to prevent mouse click
em
It's really needed to change the whole policykit design to go away
from password-centered security principle.
___
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/polkit-devel
You can put this file as "packagekit.pkla" into
"/var/lib/polkit-1/localauthority/50-local.d":
[PackageKit]
Identity=unix-group:admin
Action=org.freedesktop.packagekit.*
ResultAny=no
ResultInactive=no
ResultActive=yes
You may use unix-group:desktop_admin_r instead of unix-group:admin
non-one-shot authorization, the authorization is already
gone to the malware? Do you need any extra security hole?
> On Sat, 2009-11-21 at 15:22 +0100, memo...@googlemail.com wrote:
>> >Ditto, actually, for any action for which the authorization is one-shot
>> >and a system daemon is us
Currently you have to enter your password each time you do an
"Password" action to verify that you trust this application and that
you want to have the authorization for a certain time frame. The
current policykit concept is already an redundant duplicity. In my
concept correctly installed applicat
>I propose to remove "Auth" and "Ask_Admin".
Ooops, I mean "Auth" and "Auth_Admin".
___
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/polkit-devel
>Also I'm not exactly sure what you mean by 'malware protection'
Malware protection means that the user and not the malware decides, so
that an policykit action is not available to malware, only to trusted
applications, where the user decides and which can't be controlled by
malware. It means:
* On
I wonder if malware protection is in the policykit concept. At first
there was some beginning of malware protection with the "constraints"
concept, where you could limit an authorization to an application. In
June 2009 David Zeuthen said, he does not plan malware protection
(http://lists.freedeskto
Thanks for your answer and the stuff to read, David Zeuthen.
2009/11/13 David Zeuthen :
> The thing is (to use the same terms you are using) - non-evil software
> can easily turn evil if it gets infected. Especially with things like
> Adobe's flash player. And multimedia codecs. And filesystem dri
2009/10/31 Vladimir :
> well, why do I need some policy kit at all then?
You need policykit to check if an user or a group is authorized to do
a certain action. Also there should be a user-level policykit to
prevent or to allow certain user programs doing certain actions. You
maybe also want to lim
I propose to allow admins to change settings without to enter their
password. Think about the reason the user is asked for a password.
It's not really to protect the system from evil local users, because
you always lock your desktop before you go away. The real reason is
that applications want to v
12 matches
Mail list logo
