[packagekit] libpackagekit-gnome

David Zeuthen david at fubar.dk
Mon Apr 21 17:54:19 PDT 2008


On Tue, 2008-04-22 at 01:37 +0100, Richard Hughes wrote:
> Yes, if I say to totem "Always download codecs and remember
> authentication" - then that's what I want to do. I don't want to be
> typing the admin password when I play an mp3 file, and then again when I
> play an mp4 file, and then again when I play an xvid file for the first
> time. I might want to _agree_ and click "okay to proceed" but not have
> to auth all over again.

The latter is what I'm suggesting. The point is this: we don't want
any random application to automatically install stuff without the user's
consent. This is just a matter of putting the user in control and
general courtesy towards the user to keep him in the loop. Hence the
click "OK to proceed". (The authentication bits are orthogonal to this.)

> Well, if gpk-update-icon acts as a proxy for installing everything, then
> gpk-update-icon is the main point of attack. Exploit this code, and you
> can do anything you've remembered auth for as the auth is no longer
> per-application, but per-session.

The difference is that in the future gpk-update-icon can be locked down
once we have a secure windowing system and a secure toolkit and we
invest time in auditing the relatively few LOC that are in
gpk-update-icon. This can never ever be the case with e.g. the totem
process because it brings in millions of LOC including video decoders
that are historically very very easy to exploit. Or the open office
process.. or any other application that will hopefully take advantage of
this neat feature of PackageKit.

      David




