Application authorisations

James purpleidea at gmail.com
Thu Apr 29 07:08:18 PDT 2010


Hey,
I'm certainly not the leading expert in this field but I'll offer my
thoughts if it helps:
The problem I see is that for a given multiuser system, any one user
could "give away" the position of the whole machine if
geoclue/geolocation was a per user session thing. Anyone with root
should have the final say.

Therefore it would make sense to me that geolocation services run in
the system user space. Suppose a user wants access: on first attempt
at using geolocation preferences, policykit would need to authenticate
them. Assuming they get through this, a "magic-password" would then
get stored in that user's gnome-keyring session. When individual apps
need access to geoclue, it's merely a matter of gnome-keyring saying
allow once, allow always, deny...; we've already given that *user*
access to the system. Gnome keyring takes care of the application-level
authorization you need.

Hope this makes sense! If it's a bad idea, I won't be sad, although I
think it's sensible. The only issue I can think of at the moment is
that the user would need to go through policykit credentials on first
auth, and then also gnome-keyring (e.g. the first time they use a
geoclue-preferences dialog.)

_J


On 4/29/10, Bastien Nocera <hadess at hadess.net> wrote:
> On Thu, 2010-04-29 at 07:55 -0400, Daniel J Walsh wrote:
> <snip>
>
> > If you really want to secure it, you can use SELinux/Polkit/dbus to put
> > a label on the executable on the client side and only allow clients with
> > this label to communicate with the server through dbus.
>
> Is that something that's possible at the dbus level, or would it be
> implemented in polkit or the application? Can't a normal user change the
> labels of the binaries they own?

