Fwd: Why I can't compile upower without policykit and other *kit stuff?
Baybal Ni
nikulinpi at gmail.com
Fri May 7 13:15:02 PDT 2010
On 7 May 2010 05:36, David Zeuthen <zeuthen at gmail.com> wrote:
> On Fri, May 7, 2010 at 4:34 AM, Baybal Ni <nikulinpi at gmail.com> wrote:
>> Yes, if it's security matter at least make it working without suid root
>> first, like use pam instead. This policykit is hardly a security framework.
>
> Can you elaborate on the last statement please?
>
> David
>
Just for its extensive use of such a suboptimal thing as suid it can
be banished from some distros which accents on security. Secondly, a
hack to pk client means that pk will issue whatever permissions set by
user of defaults without further checks. And, thirdly a simplest hack
will be launching a fake dbus, and exploiting it for whatever reason.
PK utilises pam, and thus should be able to do things is a somehow
more safe way, while it's not utilising even a glimpse of its
features.
More information about the devkit-devel
mailing list