On 5/1/21 12:14 pm, Levente Polyak via pacman-dev wrote:
> On January 5, 2021 1:43:32 AM GMT+01:00, Allan McRae via pacman-dev
> <[email protected]> wrote:
>> So... I am super-anti polkit in any form for terminal based programs.
>> I would be happy to use polkit in any graphical frontend, but we don't
>> have one in the pacman code base!
>>
>>
>> Let's break the problem down a bit:
>>
>> The areas we need root:
>> a) package installation
>>
>> The areas we should run as a dedicated user:
>> b) database download
>> c) package download
>> d) gpg verification (for keyring ownership)
>>
>> Am I missing anything?
>>
>>
>> The rest can be run as a user.
>>
>> Currently, both the areas needing to run as root and those that could be a
>> dedicated user are well detected, so any operation requiring these at
>> any stage checks for root privileges. Any operation not requiring root
>> privileges at any stage can be run as a user. The problem is when there
>> are combined operations!
>>
>> A "quick fix" would be to boot operations b-d to separate helper
>> binaries, with the pacman binary offloading as necessary. That removes
>> most of our attack space.
>>
>> For a more complete pacman fix, note that all root (or dedicated user)
>> needed operations happen first in any transaction - e.g. -Syi does the
>> "y" first, so pacman could just drop root privileges as soon as those
>> are done.
>
>
> So far so good, but I think it's a bit more complicated
>
Can you expand those thoughts rather than leaving us in a cloud of mystery?
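The "drop root privileges as soon as the root-needing phase is done" step quoted above, as an added illustration that is not pacman code and not part of this thread: an irreversible drop on Linux (the order of the calls and the clearing of the saved ids are what make it irreversible), plus the check a reviewer would want, namely that root genuinely cannot be regained afterwards. The target uid/gid are whatever unprivileged identity the caller chooses; the function names are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop root to the given unprivileged uid/gid.
 * Order matters: supplementary groups first (only possible while root),
 * then gid, then uid, because once the uid changes nothing else can be
 * changed. Setting real, effective AND saved ids is what prevents a later
 * seteuid(0) from regaining root. Hypothetical helper, not pacman's. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;                      /* clear supplementary groups */
    if (setresgid(gid, gid, gid) != 0)  /* real, effective, saved gid */
        return -1;
    if (setresuid(uid, uid, uid) != 0)  /* real, effective, saved uid */
        return -1;
    return 0;
}

/* Returns 1 if root can no longer be regained, 0 otherwise.
 * A drop that leaves the saved uid as 0 would let setuid(0) succeed,
 * which is exactly the bug this check catches. */
int privileges_dropped(void)
{
    if (getuid() == 0 || geteuid() == 0)
        return 0;
    return (setuid(0) == -1 && errno == EPERM) ? 1 : 0;
}
```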
