[PolicyKit] Authorizations of Interpreted Languages

Olivier Galibert galibert at pobox.com
Wed May 14 06:48:45 PDT 2008


[sorry for the encoding-damage to your name]

On Wed, May 14, 2008 at 04:12:11PM +0300, S.Çağlar Onur wrote:
> For example "tr.org.pardus.comar.boot.modules.load" action is called
> when a user starts a VirtualBox, VirtualBox wrapper checks "vboxdrv"
> module and if it's not loaded asks COMAR to load it, if client is
> authorized, COMAR loads that module, if not, PolicyKit-* tries to
> grant that privilege. If user gains "module loading" privilege from
> PolicyKit, COMAR loads needed module and VirtualBox starts as
> desired.

[...]
> But this also means ___any python script___ used by that user while
> session is active can use "tr.org.pardus.comar.boot.modules.load"
> actions to load arbitrary kernel modules :(.

Ok, some details are unclear there.

Who is COMAR running as?  The requesting user or a different
privileged user?  If it's the user, what prevents any other process
of that user from saying "Hi, I'm COMAR, trust me, load this module
please"?

If PolicyKit grants the user the "module loading" privilege, doesn't
that mean that the user is allowed to load arbitrary kernel modules in
the first place, hence your issue isn't an issue in the first place?

Maybe you do not want a general "module loading" privilege in the
first place, but a module loading privilege for a specific set of
modules you know you'll need to play with in the course of normal
sessions, giving two categories of modules (known to be useful to play
with as a user vs. the others).  The "list of useful modules" could
start with vboxdrv, kqemu, loop... and granting access to them as a
whole could be considered acceptable.  You don't always want _too_
fine-grained anyway.

  OG.
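The two-category scheme suggested above, as an added example that is not code from this thread, from COMAR or from PolicyKit: a check a privileged helper could run before loading a module, mapping the request onto a narrow "useful modules" action or a broad "any module" action. The action ids, the helper's function names and the allowlist contents are assumptions for illustration.

```python
# Added example, not part of the original mail or of COMAR.
import re

# The "list of useful modules" from the mail; a deployment would tune this.
USEFUL_MODULES = {"vboxdrv", "kqemu", "loop"}

# Hypothetical PolicyKit-style action ids for the two categories.
ACTION_USEFUL = "org.example.modules.load-useful"
ACTION_ANY = "org.example.modules.load-any"

# A bare module name: no path separators, no spaces, no module parameters.
_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def canonical_module_name(name):
    """Return the kernel's canonical spelling (dashes become underscores),
    or None if the string is not a plain module name."""
    if not isinstance(name, str) or not _NAME_RE.match(name):
        return None
    return name.replace("-", "_")


def action_for_module(name):
    """Which action a caller must hold to load `name`; None if the name
    is malformed and must be rejected outright."""
    canon = canonical_module_name(name)
    if canon is None:
        return None
    useful = {m.replace("-", "_") for m in USEFUL_MODULES}
    return ACTION_USEFUL if canon in useful else ACTION_ANY


def authorize_load(name, granted_actions):
    """Decide whether a caller holding `granted_actions` (the set of
    actions PolicyKit granted it) may load module `name`.
    The broad action covers the narrow one; a malformed name is always
    refused, regardless of what the caller holds."""
    action = action_for_module(name)
    if action is None:
        return False
    return ACTION_ANY in granted_actions or action in granted_actions
```
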


