[packagekit] Debconf and PackageKit Was Re: Packagekit and Ubuntu
Daniel Nicoletti
dantti85-pk at yahoo.com.br
Thu Feb 11 04:10:50 PST 2010
> On Tue, 9 Feb 2010 15:06:49 +0000, Colin Watson wrote:
> > We're assuming here that the transaction-id is secret, I think, because
> > the point is that the rootly debconf can talk to an object on the system
> > bus whose path is constructed using the transaction-id, and be sure that
> > that object was started by the PackageKit client. Is that assumption
> > sound?
>
> I'm not sure that it is.
>
> Anything can see the list of transaction ids by querying DBus, and could
> then race with the owning process to register with o.d.Debconf for that
> transaction id.
>
> Therefore if we want to do registration then we have to use a nonce in
> the transaction that isn't exposed over DBus.
>
> Richard didn't like registration though, so what are the alternatives:
>
> * the backend gets told which DBus name owns the transaction and can
>   then call methods on it directly.
>   - This has the advantage that there is less code, but it does limit
>     us to doing all debconf prompting in-process.
>
> * the transaction id could be used, but we use information available
>   on DBus to restrict who can register for a given transaction. For
>   instance the uid of the process must be the same as the uid of the
>   process that started the transaction (and the same pid if we
>   desire).
>   - This again is quite simple, but I'm not sure whether there are
>     concerns about malware in the user's session interfering. Given that
>     they could generally hijack the process and steal the nonce in that
>     approach I'm not sure that this is a worry.
James,
It seems you guys did not like the connection ID idea, but if you use
the transaction ID as a unique thing (as you know, this is a public thing),
this will be more like a PackageKit frontend than a general Debconf frontend.
IMHO, if the GUI running as user calls dconf-dbus, which registers
itself on the system bus and returns the dbus connection id,
now you have one thing that only the application that will ask
for an install task will know. Then forward this to PackageKit as
root (by using setHints()), where the backend sets an envvar with this value.
IMHO this is still the safer method, and we don't need to change
PackageKit at all.
Best,
Daniel.
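
Added example, not part of the original messages and not PackageKit or debconf code: an offline model of the three registration policies discussed in this thread (public transaction id only, same-uid check, binding to the owner's unique bus connection). The class, function, policy names, peer table and transaction id are hypothetical; the peer table stands in for what the bus daemon's GetConnectionUnixUser call would report.

```python
"""Offline model of who may register a debconf frontend for a transaction."""

# Constructed stand-in for the bus daemon: unique connection name -> uid,
# i.e. what org.freedesktop.DBus.GetConnectionUnixUser would report.
BUS_PEERS = {":1.40": 1000, ":1.41": 1000, ":1.77": 1001}


class FrontendRegistry:
    """Hypothetical helper; not an existing PackageKit or debconf API."""

    def __init__(self, peers, policy):
        self.peers = peers        # unique name -> uid
        self.policy = policy      # "tid-only", "same-uid" or "same-connection"
        self.transactions = {}    # tid -> unique name that started it
        self.frontends = {}       # tid -> unique name of registered frontend

    def start_transaction(self, tid, sender):
        self.transactions[tid] = sender

    def register(self, tid, sender):
        """Return True if `sender` becomes the frontend for `tid`."""
        owner = self.transactions.get(tid)
        if owner is None or tid in self.frontends:
            return False          # unknown transaction, or slot already taken
        if self.policy == "same-uid" and self.peers[sender] != self.peers[owner]:
            return False          # caller runs as a different user
        if self.policy == "same-connection" and sender != owner:
            return False          # caller is not the connection that started it
        self.frontends[tid] = sender
        return True


def race(policy, rival):
    """A rival connection registers first, then the real owner tries."""
    reg = FrontendRegistry(BUS_PEERS, policy)
    tid = "/45_dafeca"            # constructed transaction id (public on the bus)
    reg.start_transaction(tid, ":1.40")
    rival_ok = reg.register(tid, rival)
    owner_ok = reg.register(tid, ":1.40")
    return rival_ok, owner_ok


if __name__ == "__main__":
    for policy, rival in [("tid-only", ":1.77"), ("same-uid", ":1.77"),
                          ("same-uid", ":1.41"), ("same-connection", ":1.41")]:
        print(policy, rival, race(policy, rival))
```

The same-uid policy still lets another process in the same user session win the race, which is the residual concern raised in the quoted message; only the connection-bound policy rejects it.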