
Fedora and pkexec

Posted Feb 3, 2022 23:07 UTC (Thu) by mchapman (subscriber, #66589)
In reply to: Fedora and pkexec by cortana
Parent article: Fedora and pkexec

Newer polkit still supports "polkit local authority" INI files through pkla-admin-identities + pkla-check-authorization. These can be invoked from the newer JavaScript-based authority, and the default polkit configuration does just that.

I'm wondering if Debian doesn't use a newer polkit simply because they object to using JS (or perhaps the old mozjs library?) in a security-sensitive context.


Fedora and pkexec

Posted Feb 4, 2022 17:59 UTC (Fri) by cortana (subscriber, #24596)

That proposed reasoning seems odd to me: mozjs is already exposed, via its use in Firefox, to the most hostile of all possible environments: the internet!

I wish the reason was documented in the package's README.Debian file...

Fedora and pkexec

Posted Feb 5, 2022 22:00 UTC (Sat) by khim (subscriber, #9252)

Firefox, like Chrome, doesn't trust its renderers and sandboxes mozjs for a reason.

Polkit does the exact opposite.

Fedora and pkexec

Posted Feb 6, 2022 4:42 UTC (Sun) by mjg59 (subscriber, #23239)

The reason being that they're exposed to untrusted input in a way that polkit isn't?


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds