On Sat, 2016-10-22 at 21:10 +0200, Alad Wenter wrote:
> For the second reason, is "it came from uid 0" a
> sure reason for polkit to belive the message when the origin behind
> uid
> 0 is from a suid binary? Or is that where the first reason on
> checking
> authentication comes in?
Any unrestricted uid-0 process can do whatever it wants to your system,
so yes, it is trusted (in the formal security sense of the word: it is
a component that would be able to break your security policy).
For it to be correct for the uid-0 binary to send that message, it
needs to be reasonably sure that the person at your keyboard is in fact
you. It does that by running the PAM authentication stack, which
usually means asking you for your password as proof that you are who
you claim to be.
(The reason for using PAM is that this lets you/your sysadmin configure
the system to require more than just a password, or less than a
password, whatever is appropriate for your security needs. For
instance, there are PAM modules for one-time passwords, fingerprint
readers, two-factor authentication and so on, if you want those.)
S
_______________________________________________
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/polkit-devel
