What are these for?

Matthew Miller mattdm at fedoraproject.org
Wed Nov 21 12:33:42 UTC 2012


On Wed, Nov 21, 2012 at 12:37:47PM +0100, lee wrote:
> > This records secure log messages from the kernel, including SELinux alerts.
> > You don't technically _need_ it, but these are important messages.
> Why does it need its own daemon rather than using /var/log/messages
> where I might even see the messages?  And aureport says there have been

Because the syslog interface isn't secure. 

> 8765 events within 17 days.  How am I supposed to keep track of that
> with over 500 events per day in messages I never see?  How would I
> reasonably read these messages?

That's a classic sysadmin's dilemma. It would be nice to have some good open
source processing, analysis, and correlation tools.


> Will it at least send me an email when something happens I should know
> about?

You could configure it that way.



> So mcelog *might* be useful if I have problems with kernel panics, which
> I don't.

If you are certain your hardware will never have any problems in the future,
or if you don't mind your system not responding to them properly, or if
you're running in a VM, you can certainly turn it off.


> > Polkit allows applications to use root permissions for fine-grained
> > actions rather than running as root all the time.
> So they become like 1/4, 3/8 or 1/2 root and do something only root should
> be allowed to do?
> > That increases security.
> How?  It seems to do the opposite.

By only asking for and using privileged access when required. That's a
fundamentally good idea.


> > For example, a timezone applet can show you the time as a regular user
> > and only require extra authentication to change it.
> Regular users must not change the system time.  It's on UTC and kept on
> track with chrony.

Well, exactly. That's why you would need extra authentication to change it.

> > However, if you don't want or need this functionality, applications
> > are supposed to gracefully fall back to requiring root.
> So for example instead of ls or emacs becoming only 1/4 root, I would
> have to run them as root?  And if I don't run them as root, I'd have to

Since neither ls nor emacs is written to use polkit, running them as root
when you need to access a particular file is in fact the only option you
have.


> Neither ls nor emacs ever asked me for extra authentication.  And how
> would it increase security if I entered the password for root into
> arbitrary applications whenever they ask me for it?

It wouldn't. In a GUI, polkit has a distinctive, separate dialog box it uses
to ask for authentication. It's absolutely true that spoofing this sort of
dialog is a concern.


> It certainly does decrease security getting users used to entering the root
> password everywhere.  Polkit should be deprecated.

In the typical configuration on Fedora, users in the `wheel` group are asked
to provide their *own* password for this sort of access.


If you have an alternate implementation that solves the problems polkit was
meant to solve in a demonstrably better way, develop the code and propose it
as a Feature for a future Fedora.

-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm at fedoraproject.org>
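Added example, not part of the thread: the question of how anyone is supposed to read several hundred audit events a day is usually answered by collapsing the log to one line per distinct SELinux denial (same source context, target context, class and permission), which is what this small script does. The log records are constructed samples in the format auditd writes to audit.log; the function names are the example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records in the format auditd writes to /var/log/audit/audit.log.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1353500000.123:4567): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1353503600.456:4590): avc:  denied  { read } for  pid=1235 comm="httpd" name="about.html" dev="sda1" ino=12346 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=USER_LOGIN msg=audit(1353510000.000:4601): pid=2000 uid=0 auid=1000 ses=3 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=success'
type=AVC msg=audit(1353590000.789:4700): avc:  denied  { write } for  pid=3000 comm="chronyd" name="drift" dev="sda1" ino=999 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
"""

# Every audit record starts with: type=<TYPE> msg=audit(<seconds>.<millis>:<serial>):
RECORD_RE = re.compile(r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+)\.\d+:(?P<serial>\d+)\):(?P<body>.*)$")
# The fields of an AVC denial that say *what* was denied, independent of pid, inode or file name.
AVC_RE = re.compile(r'denied\s+\{ (?P<perms>[^}]+)\} for .*?comm="(?P<comm>[^"]*)"'
                    r'.*?scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)')

def parse_records(text):
    """Yield (type, unix_seconds, serial, body) for each parseable audit line."""
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            yield m["type"], int(m["ts"]), int(m["serial"]), m["body"]

def summarize(text):
    """Count records per type and collapse AVC denials to one entry per distinct denial."""
    by_type = Counter()
    denials = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for rtype, ts, _serial, body in parse_records(text):
        by_type[rtype] += 1
        if rtype != "AVC":
            continue
        m = AVC_RE.search(body)
        if not m:  # an AVC record that is not a denial (e.g. "granted"); skip it
            continue
        key = (m["comm"], m["scontext"], m["tcontext"], m["tclass"], m["perms"].strip())
        d = denials[key]
        d["count"] += 1
        d["first"] = ts if d["first"] is None else min(d["first"], ts)
        d["last"] = ts if d["last"] is None else max(d["last"], ts)
    return by_type, dict(denials)

def report(text):
    """One line per record type, then one per distinct denial, oldest first."""
    by_type, denials = summarize(text)
    lines = [f"{n} x {t}" for t, n in sorted(by_type.items())]
    for (comm, sc, tc, tclass, perms), d in sorted(denials.items(), key=lambda kv: kv[1]["first"]):
        lines.append(f"{d['count']} x {comm} ({sc}) denied {{ {perms} }} on {tclass} {tc}")
    return lines
```

Calling `report(SAMPLE_AUDIT_LOG)` turns the four sample records into two denial lines; feeding it the real audit.log requires root, since that file is not world-readable.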

