Security policy oversight needed?

Kevin Kofler kevin.kofler at chello.at
Fri Nov 20 01:58:29 UTC 2009


Gregory Maxwell wrote:
> In the past I could simply check to see if a package contained SUID 0
> binaries or modified a small number of fairly obvious system config
> files and have good confidence that it wasn't changing the root/user
> boundary line.

The helpers which actually perform the actions authorized by PolicyKit still 
need to become root through some other way; PolicyKit is only used to 
validate that the user is authorized to use the helper.

AFAIK, there are only 3 ways the helper can get root:
* SUID 0 (which you're already checking for)
* running as a permanent systemwide service (you definitely need to audit 
those!)
* D-Bus activation into the system bus: This one is new, you need to check 
for /usr/share/dbus-1/system-services/*.service

PolicyKit on its own doesn't escalate privileges.

        Kevin Kofler
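
Added example, not part of the message above: a shell function that lists, for an unpacked package tree, the three ways of getting root that the message names. The init-script directory `etc/rc.d/init.d`, the output format, and the `example` file names are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit an unpacked package tree for root-acquisition paths.
audit_root() {
    root=${1%/}
    # 1. setuid files. Ownership is lost when a package is unpacked as a
    #    non-root user, so confirm owner uid 0 from the package metadata.
    find "$root" -type f -perm -4000 2>/dev/null | sort | while IFS= read -r f; do
        printf 'SUID\t%s\n' "${f#"$root"}"
    done
    # 2. Permanent system services (assumed SysV init script location).
    for f in "$root"/etc/rc.d/init.d/*; do
        [ -f "$f" ] || continue
        printf 'SERVICE\t%s\n' "${f#"$root"}"
    done
    # 3. D-Bus system bus activation files: report bus name, user, command.
    for f in "$root"/usr/share/dbus-1/system-services/*.service; do
        [ -f "$f" ] || continue
        name=$(sed -n 's/^Name=//p' "$f" | head -n 1)
        user=$(sed -n 's/^User=//p' "$f" | head -n 1)
        exe=$(sed -n 's/^Exec=//p' "$f" | head -n 1)
        printf 'DBUS\t%s\t%s\t%s\n' "$name" "${user:-unset}" "$exe"
    done
}

# Constructed sample tree standing in for an unpacked package.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/libexec" "$d/etc/rc.d/init.d" "$d/usr/share/dbus-1/system-services"
    : > "$d/usr/libexec/example-helper"; chmod 4755 "$d/usr/libexec/example-helper"
    : > "$d/etc/rc.d/init.d/exampled"
    printf '[D-BUS Service]\nName=org.example.Helper\nExec=/usr/libexec/example-mechanism\nUser=root\n' \
        > "$d/usr/share/dbus-1/system-services/org.example.Helper.service"
    echo "$d"
}

demo=$(make_demo_tree)
audit_root "$demo"
rm -rf "$demo"
```

Each `DBUS` line names the executable that the system bus will start as the listed user, so that executable is the code to review next.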



