Final (hopefully) privilege escalation policy draft
Adam Williamson
awilliam at redhat.com
Tue Feb 23 02:12:05 UTC 2010

On Fri, 2010-02-19 at 21:05 -0600, Matthew Woehlke wrote:
> Tim Waugh wrote:
> > On Mon, 2010-02-15 at 12:10 -0800, Adam Williamson wrote:
> >> That's correct. This is frankly a 'realistic' decision, on the basis
> >> that the PackageKit maintainer believes updating packages should be
> >> allowed for a regular user by default and intends to implement this, and
> >> I don't want to dictate this decision via the policy (that's not really
> >> what we're writing the policy for), so I'd rather just go with PK's
> >> choice there.
> >
> > The justification I remember for it was that authentication dialogs
> > should be for "exceptional" situations, not for things that might
> > regularly need to occur such as updates, and to avoid lulling users into
> > blindly typing passwords into dialogs every time they are presented
> > just to get stuff done.
>
> What happened to 'ask the first time, and at the same time ask to change
> the policy to make this action permitted without authentication'?

It was taken out of PolicyKit 1.x. The PK devs consider it a bad
paradigm. There's more detail in discussions on that list (going back a
ways, I think).

> IMO
> that's the right way. Either the user will be nagged *once*, or else
> they have said that they want to be nagged.
>
> And... IMO if the policy doesn't require this, then it fails to address
> the point that was the entire reason for wanting such a policy in the
> first place.

My reasoning for wanting a policy was to have a clear and central
definition of how Fedora intends to handle privilege escalation, not
necessarily to impose any tighter restrictions on privilege escalation
than were previously informally practiced.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net