[Portland] xdg-su -u option

David Zeuthen david at fubar.dk
Sat Apr 22 18:38:32 EEST 2006


On Sat, 2006-04-22 at 16:06 +0200, Kevin Krammer wrote:
> As far as I can see we would only have one alternative to satisfy both the 
> timeframe goal of xdg-utils and the "no su helper" goal: having a fixed set 
> of root actions that can be peformed.
> For example instead of doing
> xdg-su -c xdg-menu --install app.desktop
> we would use
> xdg-root-action --install-menu app.desktop
> The advantage is obviously that it can be implemented using su now and some 
> IPC later when it becomes available, however the disadvantage is that we will 
> have to compile a list of all necessary actions beforehand or at least the 
> most important ones.

Yea, I think that looks a lot better. Specifically, since
xdg-root-action is an interface, OS vendors may replace it with their
own code that uses native security features of the OS such as SELinux

> Since we are not actually flooded with feedback, I guess it will be quite 
> unlikely that we will get a good list soon enough.

Well, we can hit the most common cases and, as I pointed out elsewhere,
if an ISV needs root privileges to do something there are other ways
though he needs to be less lazy.

> From my point of view (2) is the main goal of the Portland project, however 
> xdg-utils is about delivering a working solution ASAP, not necessarily the 
> most beautiful/powerful solution.

Timing is important, but it's never ever an excuse to shipping software
that we know is fundamentally insecure.


More information about the Portland mailing list