[packagekit] Debconf and PackageKit Was Re: Packagekit and Ubuntu
dantti85-pk at yahoo.com.br
Tue Feb 9 07:16:48 PST 2010
> We're assuming here that the transaction-id is secret, I think, because
> the point is that the rootly debconf can talk to an object on the system
> bus whose path is constructed using the transaction-id, and be sure that
> that object was started by the PackageKit client. Is that assumption
no that's not secret, a simple dbus viewer can see all those TIDs
> I'm assuming without having checked that objects on the system
> bus can hide their paths from non-root processes. If that isn't the
> case, then the UI process will need to use an anonymous object path and
> the rootly backend will need to explicitly check that it knows the
> transaction-id. This is the same as the access control that James was
> talking about earlier, I think. This might be clearer anyway if we
> aren't guaranteed to be able to use all the characters of a PackageKit
> transaction-id in an object path; I haven't looked at the format.
And I think this is impossible, any user needs to access the transactions objects,
query it's status. An user might want to cancel a transaction of another user, which
is already possible.
That was one of the things I was a bit confused why you would want TIDs,
so I still think using the DBus connection ID is still a good solution.
Veja quais são os assuntos do momento no Yahoo! +Buscados
More information about the PackageKit