What are these for?
Matthew Miller
mattdm at fedoraproject.org
Wed Nov 21 12:33:42 UTC 2012
On Wed, Nov 21, 2012 at 12:37:47PM +0100, lee wrote:
> > This records secure log messages from the kernel, including SELinux alerts.
> > You don't technically _need_ it, but these are important messages.
> Why does it need its own daemon rather than using /var/log/messages
> where I might even see the messages? And aureport says there have been
Because the syslog interface isn't secure.
> 8765 events within 17 days. How am I supposed to keep track of that
> with over 500 events per day in messages I never see? How would I
> reasonably read these messages?
That's a classic sysadmin's dilemma. It would be nice to have some good open
source processing, analysis, and correlation tools.
> Will it at least send me an email when something happens I should know
> about?
You could configure it that way.
> So mcelog *might* be useful if I have problems with kernel panics, which
> I don't.
If you are certain your hardware will never have any problems in the future,
or if you don't mind your system not responding to them properly, or if
you're running in a VM, you can certainly turn it off.
> > Polkit allows applications to use root permissions for fine-grained
> > actions rather than running as root all the time.
> So they become like 1/4, 3/8 or 1/2 root and do something only root should
> be allowed to do?
> > That increases security.
> How? It seems to do the opposite.
By only asking for and using privileged access when required. That's a
fundamentally good idea.
> > For example, a timezone applet can show you the time as a regular user
> > and only require extra authentication to change it.
> Regular users must not change the system time. It's on UTC and kept on
> track with chrony.
Well, exactly. That's why you would need extra authentication to change it.
> > However, if you don't want or need this functionality, applications
> > are supposed to gracefully fall back to requiring root.
> So for example instead of ls or emacs becoming only 1/4 root, I would
> have to run them as root? And if I don't run them as root, I'd have to
Since neither ls nor emacs is written to use polkit, running them as root
when you need to access a particular file is in fact the only option you
have.
> Neither ls nor emacs ever asked me for extra authentication. And how
> would it increase security if I entered the password for root into
> arbitrary applications whenever they ask me for it?
It wouldn't. In a GUI, polkit has a distinctive, separate dialog box it uses
to ask for authentication. It's absolutely true that spoofing this sort of
dialog is a concern.
> It certainly does decrease security getting users used to entering the root
> password everywhere. Polkit should be deprecated.
In the typical configuration on Fedora, users in the `wheel` group are asked
to provide their *own* password for this sort of access.
If you have an alternate implementation that solves the problems polkit was
meant to solve in a demonstrably better way, develop the code and propose it
as a Feature for a future Fedora.
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm at fedoraproject.org>
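
Added example, not part of the original message: one way to make a large audit event count readable, as asked about in the "8765 events within 17 days" exchange above, is to collapse records by type and group SELinux AVC denials by what was denied. The sample records are constructed, and the function names (`summarize`, `digest`) are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the /var/log/audit/audit.log record format (not real data).
SAMPLE = "\n".join([
    'type=AVC msg=audit(1353500001.101:201): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=AVC msg=audit(1353500002.220:202): avc:  denied  { read } for  pid=1235 comm="httpd" name="a.css" dev="dm-0" ino=4712 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=AVC msg=audit(1353500003.330:203): avc:  denied  { read } for  pid=1236 comm="httpd" name="b.js" dev="dm-0" ino=4713 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=AVC msg=audit(1353500004.440:204): avc:  denied  { name_connect } for  pid=1301 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket',
    'type=USER_AUTH msg=audit(1353500010.500:210): user pid=2001 uid=0 auid=4294967295 ses=4294967295 msg=\'op=PAM:authentication acct="lee" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=success\'',
    'type=CRED_ACQ msg=audit(1353500010.510:211): user pid=2001 uid=0 auid=4294967295 ses=4294967295 msg=\'op=PAM:setcred acct="lee" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=success\'',
    'type=AVC msg=audit(13535',  # truncated record, must be skipped
])

HEADER = re.compile(r'^type=(\S+) msg=audit\(\d+\.\d+:\d+\):')
AVC = re.compile(r'avc:\s+denied\s+\{ ([^}]*) \}.*?comm="([^"]*)"'
                 r'.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)')

def se_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context

def summarize(text):
    """Return (records per type, AVC denials grouped by what was denied)."""
    by_type, denials = Counter(), Counter()
    for line in text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue  # not a complete audit record
        by_type[head.group(1)] += 1
        avc = AVC.search(line) if head.group(1) == "AVC" else None
        if avc:
            perms, comm, sctx, tctx, tclass = avc.groups()
            # pid, inode and file name vary per record; the denial itself does not
            denials[(comm, se_type(sctx), se_type(tctx), tclass, perms)] += 1
    return by_type, denials

def digest(text):
    """Render the summary as a short report suitable for a daily mail."""
    by_type, denials = summarize(text)
    lines = [f"{n:5d}  {rtype}" for rtype, n in by_type.most_common()]
    lines += [f"{n:5d}  denied {{ {p} }} {comm} ({s}) -> {t}:{c}"
              for (comm, s, t, c, p), n in denials.most_common()]
    return "\n".join(lines)

if __name__ == "__main__":
    print(digest(SAMPLE))
```

On a real system the input would be the contents of `/var/log/audit/audit.log`, which is normally readable only by root.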