PolicyKit releases and !AWOL

David Zeuthen david at fubar.dk
Sun Dec 16 17:48:27 PST 2007


Hey,

Sorry for the lag; I was in gvfs land all last week!

On Mon, 2007-12-10 at 19:21 +0100, Michael Biebl wrote:
> I got another patch for PK-gnome (attached), which sets the correct
> categories for the polkit-gnome-authorization desktop file.

This change

-Categories=Settings;X-GNOME-SystemSettings;
+Categories=GNOME;System;Settings;
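Review bot: the replacement line drops X-GNOME-SystemSettings altogether instead of adding the freedesktop categories beside it, which fits the breakage reported below for Fedora Rawhide; a safer change keeps the GNOME-specific category alongside the standard ones, e.g. `Categories=GNOME;System;Settings;X-GNOME-SystemSettings;`, so that both menu layouts still find the entry.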

seems to break it for me on Fedora Rawhide. Mmm. I must admit I'm not an
expert on desktop files; adding Matthias as Cc, he probably knows.

> 1.) /var/lib/misc/PolicyKit.reload should be mode 644, it's not an
> executable or script.

Right. I've moved it to /var/lib/PolicyKit-public/reload now and made it
0644.

(The SELinux folks were complaining about it being in misc due to how
they label things (gah!))

> 2.) $(libexecdir)/polkit-grant-helper-pam should be world readable,
> 4754. You don't gain extra security by making it non-readable. see
> also [1].

Interesting. I guess you're pointing to the paragraph:

> Setuid and setgid executables should be mode 4755 or 2755
> respectively, and owned by the appropriate user or group. They should
> not be made unreadable (modes like 4711 or 2711 or even 4111); doing
> so achieves no extra security, because anyone can find the binary in
> the freely available Debian package; it is merely inconvenient. For
> the same reason you should not restrict read or execute permissions on
> non-set-id executables.
> 

I think that's sorta bogus; how would the user extract the file and make
it run as setuid root?

The reason it's not world readable is simply to avoid the attack vector
that is an unprivileged user trying to run it hoping to gain root by
exploiting buffer overflows etc.

     David
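The modes debated above (4754 versus 4755, 4711 and a fully hidden 4750) differ only in the bits granted to "other", and a packager auditing a tree of set-id helpers wants a quick classification of each file rather than a mental octal decode. The script below is an added example for this thread, not code from the thread or from PolicyKit; the `mode_report`, `setid_verdict` and `audit_setid_file` names are my own, and the path audit assumes GNU coreutils `stat -c %a`.

```shell
#!/bin/sh
# Added example, not code from the thread or from PolicyKit: classify an
# octal mode string (as printed by GNU `stat -c %a`, an assumption) so a
# packager can audit set-id helpers along the lines discussed above.
# Leading digit: 4 = setuid, 2 = setgid.  Last digit: 4 = other-read,
# 1 = other-exec.

# Print "setuid:<y|n> setgid:<y|n> other-read:<y|n> other-exec:<y|n>".
mode_report() {
    mode=$1
    case "$mode" in
        [0-7][0-7][0-7])      mode="0$mode" ;;   # "755" -> "0755"
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    special=$(printf '%s' "$mode" | cut -c1)
    other=$(printf '%s' "$mode" | cut -c4)
    yn() { [ $(( $1 & $2 )) -ne 0 ] && echo y || echo n; }
    printf 'setuid:%s setgid:%s other-read:%s other-exec:%s\n' \
        "$(yn "$special" 4)" "$(yn "$special" 2)" \
        "$(yn "$other" 4)"   "$(yn "$other" 1)"
}

# One-word verdict for a set-id binary:
#   not-setid         - no setuid/setgid bit, nothing to audit
#   world-exec        - any local user may run it (4755, 4711, 2755)
#   readable-not-exec - others may read but not run it (4754, as proposed)
#   hidden            - others may neither read nor run it (4750, 4700)
setid_verdict() {
    report=$(mode_report "$1") || return 2
    case "$report" in
        *"setuid:n setgid:n"*) echo not-setid ;;
        *"other-exec:y"*)      echo world-exec ;;
        *"other-read:y"*)      echo readable-not-exec ;;
        *)                     echo hidden ;;
    esac
}

# Audit a real path (GNU coreutils stat assumed): "<path> <mode> <verdict>".
audit_setid_file() {
    m=$(stat -c '%a' "$1") || return 1
    printf '%s %s %s\n' "$1" "$m" "$(setid_verdict "$m")"
}

# With no arguments, show the modes debated in the thread; with paths,
# audit each file, e.g.:  sh audit.sh /usr/libexec/*helper*
if [ "$#" -eq 0 ]; then
    for m in 4754 4755 4711 4750 0755; do
        printf '%s -> %s\n' "$m" "$(setid_verdict "$m")"
    done
else
    for f in "$@"; do audit_setid_file "$f"; done
fi
```

Running it without arguments lists the verdict for each mode from the thread; pointing it at a libexec directory gives a per-file line that makes any world-executable set-id helper stand out in a review.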
