PolicyKit releases and !AWOL

Michael Biebl mbiebl at gmail.com
Sun Dec 16 18:02:54 PST 2007


2007/12/17, David Zeuthen <david at fubar.dk>:
>
> Hey,
>
> Sorry for the lag; I was in gvfs land all last week!
>
> On Mon, 2007-12-10 at 19:21 +0100, Michael Biebl wrote:
> > I got another patch for PK-gnome (attached), which sets the correct
> > categories for the polkit-gnome-authorization desktop file.
>
> This change
>
> -Categories=Settings;X-GNOME-SystemSettings;
> +Categories=GNOME;System;Settings;
>
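Review bot: the replacement line drops X-GNOME-SystemSettings entirely, and the thread shows each variant working on only one distribution (the new line on Debian, the old vendor category on Fedora Rawhide). Since Categories is a semicolon-separated list, consider keeping both, e.g. `Categories=GNOME;System;Settings;X-GNOME-SystemSettings;`, so menus that key on the vendor extension still place the entry while menus that follow the registered categories in the linked menu spec do too.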
> seems to break it for me on Fedora Rawhide. Mmm. I must admit I'm not an
> expert on desktop files; adding Matthias as Cc, he probably knows.

Interesting. X-GNOME-SystemSettings doesn't work for me (Debian unstable).
Is this maybe a Fedora-only thingie?

Please see also:
http://standards.freedesktop.org/menu-spec/latest/apa.html

>
> > 2.) $(libexecdir)/polkit-grant-helper-pam should be world readable,
> > 4754. You don't gain extra security by making it non-readable. see
> > also [1].
>
> Interesting. I guess you're pointing to the paragraph:
>
> > Setuid and setgid executables should be mode 4755 or 2755
> > respectively, and owned by the appropriate user or group. They should
> > not be made unreadable (modes like 4711 or 2711 or even 4111); doing
> > so achieves no extra security, because anyone can find the binary in
> > the freely available Debian package; it is merely inconvenient. For
> > the same reason you should not restrict read or execute permissions on
> > non-set-id executables.
> >
>
> I think that's sorta bogus; how would the user extract the file and make
> it run as setuid root?

Well, making it 4754 means everyone can read the binary.
If you make it 4750, the user can download the deb/rpm and extract the
binary from there to read it. So you don't gain any additional
security by making it non-readable.

>
> The reason it's not world readable is simply to avoid the attack vector
> that is an unprivileged user trying to run it hoping to gain root by
> exploiting buffer overflows etc.

Readable and executable are two different things.
I didn't advocate to make it world-executable.

Cheers,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
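As an added illustration of the distinction drawn above between the read bit and the execute bit (this is example code written for this page, not code from the thread or from PolicyKit; the helper names and modes are constructed), a small Python audit that walks a directory, picks out set-id binaries and reports whether anyone may run them, only the owning group may run them, or the file has additionally been made unreadable:

```python
import os
import stat
import tempfile


def describe_mode(mode: int) -> dict:
    """Decode a st_mode into the bits the thread argues about."""
    perm = stat.S_IMODE(mode)
    return {
        "setuid": bool(perm & stat.S_ISUID),
        "setgid": bool(perm & stat.S_ISGID),
        "world_readable": bool(perm & stat.S_IROTH),
        "group_executable": bool(perm & stat.S_IXGRP),
        "world_executable": bool(perm & stat.S_IXOTH),
    }


def audit_setid(directory: str) -> dict:
    """Map each set-id regular file under `directory` to a verdict:
    world-exec            : any local user may run it (the exposure David describes)
    group-exec            : only the owning group may run it; others may still read it
    group-exec-unreadable : execute restricted and read withheld too (Michael's point:
                            no gain once the binary ships in a public package)"""
    verdicts = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            st = os.lstat(os.path.join(root, name))
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = describe_mode(st.st_mode)
            if not (bits["setuid"] or bits["setgid"]):
                continue
            if bits["world_executable"]:
                verdicts[name] = "world-exec"
            elif bits["world_readable"]:
                verdicts[name] = "group-exec"
            else:
                verdicts[name] = "group-exec-unreadable"
    return verdicts


def demo() -> dict:
    """Constructed sample helpers with the modes from the thread, audited in a temp dir."""
    samples = {"helper-4754": 0o4754, "helper-4750": 0o4750,
               "helper-4755": 0o4755, "plain-0755": 0o755}
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as f:
                f.write("#!/bin/sh\nexit 0\n")
            os.chmod(path, mode)  # the setuid bit sticks on a file we own
        return audit_setid(tmp)
```

Run against a real libexec directory, `audit_setid` separates helpers whose execute bit is open to every local user from those restricted to a group, which is the property the thread is actually concerned with.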
