LWN: Comments on "Instructions from Fedora on fixing the dbus problem"

sudo = 1st account can subvert whole system

dlang — 2008-12-18T21:02:22+00:00

reading the policy kit link, it doesn't look like that comes close to solving the problem.

it is a toolkit to allow GUI programs to be segmented into privilaged and unprivilaged parts and standardize the communication between them.

this approach only works if someone re-writes everything that needs to be done as a privilaged user into a client-server GUI tool.

when you need to fix the GUI stuff, or do things not covered by it, you still need to go back and use sudo (or equivalent) to run the commands.

besides which, even if you have PolicyKit fully implmented, if the user is allowed to do everything then you have the same problem as sudo, if they aren't you still need some other way to do the stuff, so what do you do?

sudo = 1st account can subvert whole system

jspaleta — 2008-12-18T19:41:24+00:00

I believe PolicyKit is meant to be the 'right' answer for this space:
http://hal.freedesktop.org/docs/PolicyKit/introduction.html

There are a set of cmdline tools which let you set authorizations manually:
http://hal.freedesktop.org/docs/PolicyKit/tools-fileforma...

There is a gui for gnome called polkit-gnome-authorization which lets you administer defined actions from the gnome desktop.

Discussion reference:
https://listman.redhat.com/archives/rhl-devel-list/2008-A...

I dont use KDE, so I don't know the state of the kde equivalent for an authorization gui.

-jef

sudo = 1st account can subvert whole system

dlang — 2008-12-18T18:32:54+00:00

hmm,

when linspire has the user login as root everyone screamed about how stupid it was, that they should have setup sudo instead

now ubuntu (among other distros) setup sudo instead and people scream about it not being safe.

what exactly should a distro do? force every user to logout and login as root? we know that that's not a good idea, windows tried the equivalent and the result was that everyone ran as 'administrator' (root equivalent) all the time.

sudo = 1st account can subvert whole system

dwheeler — 2008-12-18T16:17:02+00:00

A big problem with the "sudo" approach is that any program you run - including, say, an attacker script sent via a browser - can use 'sudo' and overwrite ANYTHING, such as /bin/sh or the kernel.

With the "log in as root" approach, attacking programs don't get automatic access to the whole system.

Instructions from Fedora on fixing the dbus problem

pcampe — 2008-12-18T08:30:09+00:00

I think that Ubuntu approach is rather disturbing. It hides the existence of root for normal users (who in a vast majority probably think that "sudo" is the linux equivalent of "ehm" or "well") and allows every user to do everything as "well"... "sudo" is a prefix everyone could type in.

Instructions from Fedora on fixing the dbus problem

spiro — 2008-12-14T21:56:42+00:00

www.distrowatch.org has plenty of other distros to choose from. CentOS and, as mentioned, Debian are two popular ones that are stable and don't use experimental or untested code.

the whole point of fedora is that it's bleeding edge and it's where all the stability testing for Red Hat Enterprise Linux (and subsequently CentOS) comes from.

Instructions from Fedora on fixing the dbus problem

drag — 2008-12-14T05:05:18+00:00

If it's well documented then it's pretty do-able.

When I get tired of Metacity's crack-headness I usually retreat to the warm embrace of OpenBox.

Openbox's configuration, while rather intense, is actually quite easy to deal with. Every aspect of the WM's interaction with the mouse or keyboard is configurable. Each field is independently configured.. like title bar vs decorations vs window vs desktop etc etc.

A example entry would be like this:
<keybind key="W-d">
<action name="ToggleShowDesktop"/>
</keybind>

And it would be in the 'keyboard' section that is simply bracketed by this:
<keyboard>
blahblahblahblah
etc etc etc
</keyboard>

As far as the keywords and such the combination of the examples included in the default configuration and the good documentation on Openbox's website means that if I want to find out how to do something I can usually figure it out and have it working in a couple minutes rather then fumbling around in the dark for a half hour or more google'ng around and hoping somebody has some working snippets posted to some mailing list somewhere.

See:
http://icculus.org/openbox/index.php/Help:Contents

Then you can find what the 'ToggleShowDesktop' does at:
http://icculus.org/openbox/index.php/Help:Actions

> Hides all windows so that the desktop is visible, and gives focus to the desktop window if one exists (such as in GNOME and KDE). You can also use the action again to show the windows again, if no windows have become visible yet.

And gives a example on it's usage.

---------------------------

the only thing that sucks about it is that XML is wordy and all that, but that's something that can be worked around with a good text editor.

I suppose I am just saying that a decent text configuration file with good documentation and usable syntax is good while a text configuration with bad syntax and no documentation is a nightmare no matter if it's XML or what.

Instructions from Fedora on fixing the dbus problem

Ze — 2008-12-14T05:04:24+00:00

(The very thought of requiring sysadmins to modify XML to configure anything makes me break out in hives: XML isn't meant for humans to write and is way too easy to make mistakes in. But fontconfig lost me *that* argument long ago, and in a sense so did Apache, although at least an HTML-like syntax makes some sense in a web server's configuration file.)

Whilst I'm not a huge fan of XML either. It's not that hard to edit an existing XML file. I've edited HAL files recently and done web stuff (XHTML,HTML,JSP,XSLT,DTD's,VRML) in the past from scratch without any hassles.

Yes often documentation is sadly lacking in them but that is common in most projects whether they be open source or not.

Honestly though I'd like to see something better , ideally a config fs module that stores everything in a common format/back end but can export it in a wide variety of different formats with rules deciding which format it's exported in. So the format you edit it in isn't necessarily the file format your program reads it in. That should satisfy most people and result in projects not having to change much code.

'Safe mode' needed?

engla — 2008-12-13T19:44:39+00:00

There is no perfect system, there will always be complex enough computer programs that they will need human input especially when something goes wrong. In this case, linux distributions should have a stronger, more coherent and more definitive way to go wrong and tell the user about it!

So if d-bus, X, or something else is missing, tell the user and give it the control., Recommending upgrading the system in such cases is not a bad idea (since that's how large-scale breakages are fixed).

Instructions from Fedora on fixing the dbus problem

nix — 2008-12-13T18:27:05+00:00

Well, I don't like its XML-happiness very much at all, and one thing this
fiasco does indicate is that the XML that sysadmins are expected to modify
(e.g. in system.conf) isn't documented well enough.

(The very thought of requiring sysadmins to modify XML to configure
anything makes me break out in hives: XML isn't meant for humans to write
and is way too easy to make mistakes in. But fontconfig lost me *that*
argument long ago, and in a sense so did Apache, although at least an
HTML-like syntax makes some sense in a web server's configuration file.)

'Safe mode' needed?

epa — 2008-12-13T13:35:21+00:00

Perhaps as a precaution distributions should include a 'safe boot' option that loads a basic kernel, with just enough hardware support for network and disk access, and brings up the system in text mode letting the user install updates. Of course this is already possible with any Linux system, but we are seeing less technically capable users who don't understand boot parameters or how to use the shell. They would benefit from a minimal but still friendly interface that installs updates and reboots.

Ideally, this safe mode boot would never be needed.

Instructions from Fedora on fixing the dbus problem

luya — 2008-12-13T10:10:47+00:00

Root name is deceiving because Fedora restricts its privilege with SELinux and its policies. Consolekit and Policykit are other tools replacing sudo.

Instructions from Fedora on fixing the dbus problem

muwlgr — 2008-12-13T08:52:20+00:00

Fedora still uses root account with password. I think I like Ubuntu approach better (disabled password for root, and sudo rights for the first non-root user created on the system).

Instructions from Fedora on fixing the dbus problem

nevyn — 2008-12-13T05:12:30+00:00

Fedora has (in roughly descending order of firehose velocity):

rawhide
updates-testing
updates
updates --bugfixes --security
updates --security
updates --bz 123
updates pkg-foo

Lack of choice is not the problem, IMNSHO, and thus. more choice is not the solution.

Instructions from Fedora on fixing the dbus problem

tuna — 2008-12-12T23:50:53+00:00

This is a very insightful but quite short comment. Perhaps you could expand on where dbus is "bloated" and "crap" we all can follow your example and remove dbus with good conscience?

Instructions from Fedora on fixing the dbus problem

nix — 2008-12-12T23:11:29+00:00

dbus doesn't strike me as being especially bloated, given how much it
does. Certainly compared to, e.g. CORBA ORBs, it's downright trim.

Debian

mmcgrath — 2008-12-12T22:48:18+00:00

I love Debian. No matter how long I wait between installs, it always seems to stay the same :)

Instructions from Fedora on fixing the dbus problem

syntropy — 2008-12-12T21:46:45+00:00

Instructions for fixing the dbus problem?

Remove it. The bloated piece of crap it is, it should never have existed in the first place.

Instructions from Fedora on fixing the dbus problem

ballombe — 2008-12-12T21:40:26+00:00

> A distro with experimental, unstable, testing, proposed, security and stable update repos would be something!

You mean Debian ?

Instructions from Fedora on fixing the dbus problem

dowdle — 2008-12-12T21:18:19+00:00

The page you link to at the very top says:

The current policy is at https://fedoraproject.org/wiki/PackageMaintainers/MaintainerResponsibility. This is just a brain storming legacy page and is not in effect currently. Don't rely on information here."

The link mentioned works and seems to be more informative.

Instructions from Fedora on fixing the dbus problem

kragil — 2008-12-12T19:04:20+00:00

I got hit too .. I worked around the issue, but it definitely sucked that this happened with stable updates.

But everything is fine again. Thanks.

A distro with experimental, unstable, testing, proposed, security and stable update repos would be something!

Instructions from Fedora on fixing the dbus problem

ciol — 2008-12-12T18:50:28+00:00

I wonder how a distro can work when its update policy does not exist. It's the first thing to write (along with its goals and commitment to free software).

Ubuntu had same problem in 2006

thyrsus — 2008-12-12T18:12:40+00:00

Even the terminal update was failing for several hours yesterday: several mirror sites were missing mandatory dependencies. I manually forced my system to look at other mirrors by editing the /etc/yum.repos.d/fedora-updates.repo; this was definitely not a "consumer-grade" update.

Ubuntu had same problem in 2006

dwheeler — 2008-12-12T18:06:20+00:00

Ubuntu had the same problem with updates in 2006. In that, an X-windows update botch caused X to fail, requiring people to run the update from the terminal (and many didn't know how to do that). Microsoft has had update problems too (see same article).

Fedora has a lot of company :-).