remove polkit from core?

Steve Grubb sgrubb at redhat.com
Tue Nov 13 15:26:28 UTC 2012


On Tuesday, November 13, 2012 09:37:07 AM Steve Grubb wrote:
> For anything with name=value, we normally use the textfilecontent54 which we
> can define a regex to pick out the items of interest. However, with a
> language, you have multiple ways of expressing the same idea. For example,
> 
> if (foo() > 500)
> 
> and
> 
> uid = foo();
> if (uid > 500)
> 
> and
> 
> start = 500;
> uid = foo();
> if (uid > start)
> 
> do the same thing. Then throw in comments and indentation and you have
> lots of possibilities. This is also not considering whether the code
> actually meets the intent or allows unintended functionality (exploits).
> 
> The only thing I can think of, using what's currently available in SCAP is
> to use filehash58 and call it a day. This has the drawback of notifying the
> admin that the hash doesn't match instead of a useful, actionable, message.
> They will be left wondering why the hash doesn't match and what they can do
> to fix it.


And then if the JavaScript was found to have a vulnerability in it and it got
fixed or perhaps updated to allow smartcard functionality or something...now 
the hash doesn't match. The old vulnerable hash will be forever encoded into 
guidance with almost no way to get a standards body to change it.

With name = value, the vulnerability would likely be in the compiled code and 
the compliance check would pass. In this case the settings are verifiably 
correct because the config file is not changed and part of the compliance check 
usually involves running the OVAL content the Red Hat security response team 
generates which checks the rpm version.

-Steve


> This is not going to help security. This should be a lesson to anyone
> wanting to adopt a language for system configuration and policy decision.
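
The contrast drawn in this message, as an added example that is not part of the original post: a single-regex pattern check (Python's `re` standing in for textfilecontent54 matching) and a pinned-hash check (SHA-256 standing in for filehash58) run over the three equivalent snippets quoted above. The `min_uid` key, the commented variant and all sample file contents are constructed for illustration.

```python
import hashlib
import re

# Constructed sample: a name=value setting (hypothetical key name).
NAME_VALUE = "# minimum uid for regular users\nmin_uid = 500\n"

# Constructed samples: the equivalent forms from the message, as file text.
VARIANTS = {
    "inline": "if (foo() > 500)\n",
    "inline_commented": "  // local users only\n  if (foo() > 500)\n",
    "variable": "uid = foo();\nif (uid > 500)\n",
    "named_limit": "start = 500;\nuid = foo();\nif (uid > start)\n",
}

# One regex with one capture group per check, as a pattern test would use.
NAME_VALUE_RE = re.compile(r"^\s*min_uid\s*=\s*(\d+)\s*$", re.M)
# Written against the first form only: a call compared with a literal number.
CODE_RE = re.compile(r"^\s*if\s*\(\s*foo\(\)\s*>\s*(\d+)\s*\)", re.M)


def pattern_check(regex, text, expected):
    """Pass if the regex matches and the captured value equals `expected`."""
    m = regex.search(text)
    return bool(m) and m.group(1) == expected


def hash_check(text, pinned_sha256):
    """Pass only if the file is byte-for-byte the pinned version."""
    return hashlib.sha256(text.encode()).hexdigest() == pinned_sha256


def evaluate():
    """Return {variant: (pattern_ok, hash_ok)} with the hash pinned to 'inline'."""
    pinned = hashlib.sha256(VARIANTS["inline"].encode()).hexdigest()
    return {
        name: (pattern_check(CODE_RE, text, "500"), hash_check(text, pinned))
        for name, text in VARIANTS.items()
    }


if __name__ == "__main__":
    print("name=value:", pattern_check(NAME_VALUE_RE, NAME_VALUE, "500"))
    for name, (pattern_ok, hash_ok) in evaluate().items():
        print(f"{name:17} pattern={pattern_ok!s:5} hash={hash_ok}")
```

The regex tolerates the added comment and indentation but misses the two rewrites that mean the same thing, while the hash rejects every variant except the exact pinned bytes and gives no reason why.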


