On Wed, Feb 16, 2022 at 12:38 PM Lennart Poettering
<mzerqung(a)0pointer.de> wrote:
>
> On Mi, 16.02.22 12:12, Ben Cotton (bcotton(a)redhat.com) wrote:
>
> > `pkexec` and `pkla-compat`
> > ([https://src.fedoraproject.org/rpms/polkit-pkla-compat package]) are
> > legacy tools that are no longer needed on a desktop and increase the
> > attack surface as they are SetUID binaries (`pkexec`) or not
> > maintained anymore (`pkla-compat`).
>
> I find this wording weird... I seriously doubt we should consider
> "pkexec" legacy. It's the much nicer approach to the "sudo" problem,
> as mentioned in earlier discussions...
>
> Splitting it off into a separate package might be OK, but claiming
> that the fact that it is a suid binary makes it "legacy" sounds really
> strange to me, by that means we should also mark "sudo", "su", "ping",
> "mount", "umount", "write", "passwd", … and so on "legacy", but I
> doubt we are at that point, are we?
>
> hence I am not against the feature but please tone down the wording
> regarding pkexec, it's misleading. Say you want to split it out to
> reduce the attack surface, but don't use the word "legacy" in its
> context.
>
> (dropping "pkla-compat" given its unmaintained state is OK to be
> called "legacy" I guess)

I think I'd go stronger and say I don't really see the value in
splitting out pkexec at all. I'd rather people have a default path to
do safer privilege escalation, and pkexec is way better than
sudo/doas/etc in that regard.

--
真実はいつも一つ!/ Always, there's only one truth!