[packagekit] libpackagekit-gnome

[Richard Hughes]

On Mon, 2008-04-14 at 15:38 -0400, David Zeuthen wrote:
> > I don't think so - I think the issues are orthogonal. If we use a
> dbus service then we loose the auth-per-application feature. 
> 
> No, the D-Bus _session_ service would always ask the user for consent
> even if the user happens to be authorized. That's the only sane thing
> to do; you really don't want your application to start installing
> codecs without your consent. Do you disagree?

Yes, if I say to totem "Always download codecs and remember
authentication" - then that's what I want to do. I don't want to be
typing the admin password when I play a mp3 file, and then again when I
play a mp4 file, and then again when I play an xvid file for the first
time. I might want to _agree_ and click "okay to proceed" but not have
to auth all over again.

> > Then is there is
> > an exploit, we are then double screwed.
> 
> Exploit in what?

Well, if gpk-update-icon acts as a proxy for installing everything, then
gpk-update-icon is the main point of attack. Exploit this code, and you
can do anything you've remembered auth for as the auth is no longer
per-application, but per-session.

Richard.