[systemd-devel] Best way to limit per-user system-wide units
Michael Chapman
mike at very.puzzling.org
Tue Dec 13 22:56:13 UTC 2016
On Wed, 14 Dec 2016, Samuel Williams wrote:
[...]
> The nice thing about sudo is that it is a general framework that is
> well tested, well documented, and works everywhere... polkit, less so.
> Even with the best of intentions, looking at how well people have
> managed to script security features (e.g. look at the whole ethereum
> contract fiasco), stuff in that PR makes me a bit worried. What's the
> chance someone screws up a security rule? JavaScript is only a small
> step up from PHP in terms of semantic rigour, so I'd be concerned
> about that too.
Well, given I opened the PR, I'd hope the chance is very low -- at least,
no more than sudo. At least the JavaScript is given a minimal standard
library, it's sandboxed and run as an unprivileged user. :-p
I always think the problem with sudo is that it turns "mere bugs" into
security vulnerabilities. systemctl was designed to be run both by root
and by users -- but if there's a bug in it, then such a bug does not on
its own grant users any more privileges than they would have normally. It
wasn't designed to be run _as_ root _by_ a user; so using systemctl
through sudo is effectively using it outside its design parameters.
Anyhow, this isn't really the right time or place to discuss sudo vs other
authentication frameworks. I'm afraid I don't have any better suggestions
though.
- Michael
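As an added illustration of the kind of polkit rule being discussed (written for this thread, not taken from the PR or from the post above): a rule that lets members of one group start, stop or restart one unit, checked against a small stand-in for polkitd's rule evaluator so it runs under Node. The group, unit and user names are placeholders; the action id and the "unit"/"verb" details are the ones systemd supplies for manage-units.

```javascript
// Stand-in for the `polkit` object polkitd injects into /etc/polkit-1/rules.d/*.rules.
// Constructed for this example: only enough API surface to exercise the rule below.
const polkit = {
  _rules: [],
  Result: { YES: "yes", NO: "no", NOT_HANDLED: null },
  addRule(fn) { this._rules.push(fn); },
  // polkitd evaluates rules in order and takes the first non-null result.
  check(action, subject) {
    for (const rule of this._rules) {
      const r = rule(action, subject);
      if (r !== null && r !== undefined) return r;
    }
    return polkit.Result.NOT_HANDLED; // falls through to the action's default policy
  },
};

// The rule as it would appear in a file such as 50-myapp-units.rules (name is a placeholder).
// Both details systemd passes for manage-units (unit, verb) are checked explicitly;
// anything not matched is left to the default policy rather than granted.
polkit.addRule(function (action, subject) {
  if (action.id !== "org.freedesktop.systemd1.manage-units") return;
  const unit = action.lookup("unit");
  const verb = action.lookup("verb");
  const allowedVerbs = ["start", "stop", "restart"];
  if (unit === "myapp.service" &&            // one specific unit, never a pattern
      allowedVerbs.includes(verb) &&          // no reload/kill/etc. via this rule
      subject.isInGroup("webapps")) {         // placeholder group name
    return polkit.Result.YES;
  }
  // No explicit NO here: later rules or the default policy still apply to
  // everything this rule does not grant.
});

// Constructed builders for the objects polkitd would hand to a rule.
function makeAction(id, details) {
  return { id, lookup: (k) => (k in details ? details[k] : null) };
}
function makeSubject(user, groups) {
  return { user, isInGroup: (g) => groups.includes(g) };
}
// Decide one request: returns "yes" when the rule grants it, null when it falls through.
function decide(user, groups, unit, verb) {
  return polkit.check(
    makeAction("org.freedesktop.systemd1.manage-units", { unit, verb }),
    makeSubject(user, groups));
}
```

The null results are the important ones: a request for a different unit, a different verb or from a user outside the group is not denied by this rule but handed back to polkit's default policy, so a typo in the rule fails closed rather than open.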