On Mi, 16.02.22 15:01, Adam Williamson (adamwill(a)fedoraproject.org) wrote:
> > > hence I am not against the feature but please tone down the wording
> > > regarding pkexec, it's misleading. Say you want to split it out to
> > > reduce the attack surface, but don't use the word "legacy" in its
> > > context.
> > >
> > > (dropping "pkla-compat" given its unmaintained state is OK to be
> > > called "legacy" I guess)
> >
> > I think I'd go stronger and say I don't really see the value in
> > splitting out pkexec at all. I'd rather people have a default path to
> > do safer privilege escalation, and pkexec is way better than
> > sudo/doas/etc in that regard.
>
> This feels a bit unrealistic to me. In the real world, I can recall off
> the top of my head exactly zero docs, guides, articles, howtos etc.
> that use pkexec. They all use sudo. Like it or not, sudo is what people
> use. The sensible thing to do there is devote attention to making sure
> sudo is as secure as possible, or actually make some kind of big effort
> to convince people to use pkexec instead.
sudo is what users/admins use. pkexec is what (desktop) programs often use.
docs/guides/articles/howtos are focused on users/admins. Hence, of
course, you won't find it mentioned there.
> I just tried this, actually, for giggles. Two reasons it's a
> non-starter: it prompts for the root password, not for my user password (my
> user is an 'admin' so far as sudo etc. are concerned, but apparently
> not an 'admin' so far as interactive pkexec is concerned). I do not
> know the root password, it is intentionally a 24-character random
> string I would have to look up.
When I hit "pkexec" a nice GNOME shell prompt pops up asking me for
*my* password, not root's.
> And it prompts with one of those
> goddamn 'secure' GNOME popovers which prevents you accessing your
> password manager, so every time you hit one, you have to cancel it, go
> to your password manager, copy the password it wants, then trigger it
> again.
>
> No way on earth I'm using that.
Then don't. But whether you use it or whether it's "legacy"/should go
away are two distinct questions.
Lennart
--
Lennart Poettering, Berlin
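Editor's added example, not part of the thread above and not polkit's or systemd's own code: the difference the two participants see (pkexec asking for root's password versus the caller's own) is decided by polkit's admin rules, which are JavaScript files under /etc/polkit-1/rules.d/ and /usr/share/polkit-1/rules.d/ registered through polkit.addAdminRule(). The `polkit` object below is a constructed offline stand-in for the relevant part of polkitd's rules engine; the rule bodies are written the way real rules files are. Assumptions made here: admin rules run in order and the first non-null identity list wins, a fallback to unix-user:root when no rule matches, and the wheel group as the distribution's default admin group (as in Fedora's 50-default.rules).

```javascript
// Added example (not from the thread): an offline stand-in for the piece of
// polkitd's JavaScript rules engine that decides WHOSE password the pkexec
// authentication dialog asks for. Real rules live in
// /etc/polkit-1/rules.d/*.rules and /usr/share/polkit-1/rules.d/*.rules
// and call polkit.addAdminRule exactly as below; the `polkit` object here
// is a constructed mock, not polkitd itself.

const polkit = {
  _adminRules: [],
  addAdminRule(fn) {
    this._adminRules.push(fn);
  },
  // Assumed polkitd behaviour: admin rules run in registration order and
  // the first one returning a non-null identity list wins. If none does,
  // polkitd falls back to unix-user:root, i.e. the dialog asks for the
  // root password even though the caller may be allowed by sudoers.
  adminIdentitiesFor(action, subject) {
    for (const rule of this._adminRules) {
      const ids = rule(action, subject);
      if (ids !== null && ids !== undefined) {
        return ids;
      }
    }
    return ["unix-user:root"];
  },
};

// Minimal stand-in for the `subject` object a rule receives from polkitd.
function makeSubject(user, groups) {
  return {
    user,
    isInGroup(name) {
      return groups.includes(name);
    },
  };
}

// The kind of rule a distribution ships as its default admin rule
// (assumption: wheel is the admin group, as in Fedora's 50-default.rules).
polkit.addAdminRule(function (action, subject) {
  if (subject.isInGroup("wheel")) {
    return ["unix-group:wheel"];
  }
  return null; // fall through to the next rule, or to the root fallback
});

// Which identity is the caller prompted for when running `pkexec`?
// pkexec's implicit action id is org.freedesktop.policykit.exec.
function whoGetsPrompted(user, groups) {
  const action = { id: "org.freedesktop.policykit.exec" };
  return polkit.adminIdentitiesFor(action, makeSubject(user, groups));
}

// A user granted sudo by some other means but not in wheel is asked for
// root's password; a wheel member is asked for a wheel member's password,
// in practice their own.
console.log(whoGetsPrompted("alice", ["alice"]));      // ["unix-user:root"]
console.log(whoGetsPrompted("bob", ["bob", "wheel"]));  // ["unix-group:wheel"]
```

To check what a real system would do, compare the admin rules actually installed (e.g. `grep -r addAdminRule /etc/polkit-1/rules.d /usr/share/polkit-1/rules.d`) against the groups reported by `id`; sudoers membership and polkit admin identity are configured independently, which is exactly the mismatch described in the quoted message.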