On January 5, 2021 1:43:32 AM GMT+01:00, Allan McRae via pacman-dev <[email protected]> wrote:
>So... I am super-anti polkit in any form for terminal based programs.
>I would be happy to use polkit in any graphical frontend, but we don't
>have one in the pacman code base!
>
>
>Let's break the problem down a bit:
>
>The areas we need root:
>a) package installation
>
>The areas we should run as a dedicated user:
>b) database download
>c) package download
>d) gpg verification (for keyring ownership)
>
>Am I missing anything?
>
>
>The rest can be run as a user.
>
>Currently, both the areas needing to run as root and those that could be a
>dedicated user are well detected, so any operation requiring these at
>any stage checks for root privileges. Any operation not requiring root
>privileges at any stage can be run as a user. The problem is when there
>are combined operations!
>
>A "quick fix" would be to boot operations b-d to separate helper
>binaries, with the pacman binary offloading as necessary. That removes
>most of our attack space.
>
>For a more complete pacman fix, note that all root (or dedicated user)
>needed operations happen first in any transaction - e.g. -Syi does the
>"y" first, so pacman could just drop root privileges as soon as those
>are done.
So far so good, but I think it's a bit more complicated
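The "drop root privileges as soon as the privileged stage is done" idea from the quoted message, written out as an added example (not pacman code, and not from either poster). It assumes Linux/glibc and a hypothetical dedicated account named `pacman-dl`; the point it demonstrates is that the drop must be done in the right order (supplementary groups, then gid, then uid), that every failure aborts rather than continuing as root, and that the result is verified to be irreversible before the unprivileged stage runs.

```c
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop root to uid/gid. Order matters: supplementary groups and
 * the gid can only be changed while still root, so they go before setuid().
 * Each step returns -1 on failure with errno set; the caller must abort. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;   /* clear inherited group list */
    if (setgid(gid) != 0) return -1;          /* real + effective + saved gid */
    if (setuid(uid) != 0) return -1;          /* real + effective + saved uid */
    return 0;
}

/* Verify the drop is complete: real and effective ids are the target, and an
 * attempt to become root again fails (the saved uid no longer allows it). */
int privileges_are_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid) return 0;
    if (getgid() != gid || getegid() != gid) return 0;
    if (uid != 0 && setuid(0) == 0) return 0; /* regained root: drop incomplete */
    return 1;
}

int main(void)
{
    const char *dl_user = "pacman-dl";        /* assumed account, not a real pacman user */
    struct passwd *pw = getpwnam(dl_user);
    if (pw == NULL) {
        fprintf(stderr, "no such user: %s\n", dl_user);
        return 1;
    }
    /* ... stage that genuinely needs root (e.g. package installation) runs here ... */
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "cannot drop privileges: %s\n", strerror(errno));
        return 1;                              /* never fall through and keep root */
    }
    if (!privileges_are_dropped(pw->pw_uid, pw->pw_gid)) {
        fprintf(stderr, "privilege drop did not take effect\n");
        return 1;
    }
    /* ... database/package download and gpg verification run here as dl_user ... */
    return 0;
}
```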
