[packagekit] Debconf and PackageKit Was Re: Packagekit and Ubuntu
dantti85-pk at yahoo.com.br
Thu Feb 11 04:10:50 PST 2010
> On Tue, 9 Feb 2010 15:06:49 +0000, Colin Watson wrote:
> > We're assuming here that the transaction-id is secret, I think, because
> > the point is that the rootly debconf can talk to an object on the system
> > bus whose path is constructed using the transaction-id, and be sure that
> > that object was started by the PackageKit client. Is that assumption
> > sound?
> I'm not sure that it is.
> Anything can see the list of transaction ids by querying DBus, and could
> then race with the owning process to register with o.d.Debconf for that
> transaction id.
> Therefore if we want to do registration then we have to use a nonce in
> the transaction that isn't exposed over DBus.
> Richard didn't like registration though, so what are the alternatives:
> * the backend gets told which DBus name owns the transaction and can
> then call methods on it directly.
> - This has the advantage that there is less code, but it does limit
> us to doing all debconf prompting in-process.
> * the transaction id could be used, but we use information available
> on DBus to restrict who can register for a given transaction. For
> instance the uid of the process must be the same as the uid of the
> process that started the transaction (and the same pid if we
> - This again is quite simple, but I'm not sure whether there are
> concerns about malware in the user's session interfering. Given that
> they could generally hijack the process and steal the nonce in that
> approach I'm not sure that this is a worry.
It seems you guys did not like the connection ID idea, but if you use
the transaction ID as an unique thing (as you know this is a public thing)
this will be more like a PackageKit frontend than a Debconf general frontend,
IMHO if the GUI running as user call dconf-dbus which register
itself on the system bus and return the dbus connection id
now you have one thing that only the application that will ask
for a install task will know. Then forward this to PackageKit as
root (by using setHints() ) which the backend sets an envvar with this value.
IMHO this is still the safer method and we don't need to change
PackageKit at all.
Veja quais são os assuntos do momento no Yahoo! +Buscados
More information about the PackageKit