User: Password:
Subscribe / Log in / New account

Fun with NULL pointers, part 1

Fun with NULL pointers, part 1

Posted Jul 21, 2009 7:21 UTC (Tue) by gmaxwell (guest, #30048)
In reply to: Fun with NULL pointers, part 1 by nix
Parent article: Fun with NULL pointers, part 1

Yea… policy kit. Great stuff.

By default fedora allows the desktop users to change the system time. All they must do is ender the *user's* password (not root!) and even that they only have to do it once.

Great stuff great stuff.

Although many people have pointed out the terrible security implications nothing has been done. Sometimes it really does take some high profile compromises to get things fixed.

(Log in to post comments)

Fun with NULL pointers, part 1

Posted Jul 21, 2009 9:45 UTC (Tue) by cortana (subscriber, #24596) [Link]

But that's not the fault of PolicyKit itself. Rather it's the fault of the distributor who shipped it with a policy that a) allows an unprivileged user to change the system time and b) does not force them to re-authenticate whenever they wish to do so.

Concerns about the increased vulnerability surface caused by the complexity of PolicyKit are still justified, but Fedora's default policy being stupid is not relevant to that discussion. If we wanted to blame the system for allowing the user to do stupid things then we may as well all give up and move back to Windows. :)

Fun with NULL pointers, part 1

Posted Jul 21, 2009 9:56 UTC (Tue) by nix (subscriber, #2304) [Link]

The concern isn't just that the vulnerability surface has increased: it's that we can't even easily tell what it is anymore.

Determining the set of privileged code that could carry out operations on behalf of unprivileged users was fairly simple in the days before PolicyKit: find setuid/setgid binaries, chase their shared library dependencies and (if you're paranoid) see what they can dlopen(). Just a grep away, in any case.

Now, we have to analyze the dbus and PolicyKit policies as well, and XML is... not terribly amenable to analysis with Unix-style shell tools. (Some Perl packages come with XML-style XPath-based grep tools, but they are a) rarely installed and b) seriously cumbersome. We really need an awk for XML.)

Fun with NULL pointers, part 1

Posted Jul 21, 2009 12:52 UTC (Tue) by nim-nim (subscriber, #34454) [Link]

> We really need an awk for XML.

Just use xsltproc directly (though not having to use a detached xslt file would be nice)

Fun with NULL pointers, part 1

Posted Jul 22, 2009 22:00 UTC (Wed) by nix (subscriber, #2304) [Link]

Ew, no. Utterly un-awklike and doing awk-like transformations with XSLT is
really quite painful. (And yes, you can do awklike languages for things
other than text streams: see gvpr(1) for example.)

(One of many problems is XSLT's heavy use of <>, which makes it very
annoying to use from the shell prompt. Another is its astonishing
verbosity. Another is its total lack of good taste in design... also the
functional nature of it, while one of its nicer aspects, fits very badly
with the shell in my experience.)

Fun with NULL pointers, part 1

Posted Jul 21, 2009 14:01 UTC (Tue) by gmaxwell (guest, #30048) [Link]

Poliykit plays a role: If you go look at the discussions on the fedora list you'll see that there was some degree of argument what the actual behaviour was— Was it asking for a password at all (some people thought it wasn't because it only did so once) and was it asking for the root password? A lot of people had used and never realized that it was asking for their user password rather than root.

SUID is more unambiguous.

xml awk

Posted Jul 22, 2009 7:08 UTC (Wed) by Frej (subscriber, #4165) [Link]

xml awk

Posted Jul 22, 2009 11:18 UTC (Wed) by nix (subscriber, #2304) [Link]

That looks nice. Not very awkish though...

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds