On Fri, Mar 11, 2016 at 12:03 PM, Alexander Pyhalov <[email protected]> wrote:
> Please, review: > https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec > > Issues: https://www.illumos.org/issues/6728 > https://www.illumos.org/issues/5633 > > > The issue is that glib incorrectly detects pfexec usage as setuid program > (even when pfexec doesn't change euid). So, it refuses to launch dbus - > https://github.com/GNOME/glib/blob/master/gio/gdbusaddress.c#L1060 > > We heal it by falling back to euid/uid comparison. We also use pfexec to > launch brasero and sound-juicer. > After > https://github.com/OpenIndiana/oi-userland/commit/9f0f786ce02ff7a120952fa34888cdcca5b8469d > console user (Console User) should have "Desktop Removable Media User" > profile and have sys_devices privileges, necessary for brasero and sound > juicer (which uses brasero libraries) to work with CD devices. > > I'm a bit concerned about unexpected security issues which it could cause.. The problem I see with using pfexec is that bad things happen if the user has some other profiles or privileges, so you end up giving those programs rights they don't need. For example, if the user is Primary Administrator then pfexec usually equates to "run as root", which probably isn't what you intend. Generally, using pfexec assumes that the program being run is privilege aware (so it can drop any unexpected privileges). -- -Peter Tribble http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
_______________________________________________ oi-dev mailing list [email protected] http://openindiana.org/mailman/listinfo/oi-dev
