On Fri, 2009-11-20 at 19:29 -0500, David Zeuthen wrote: > For example, 'pkexec bash' is indeed safe even when your session is > compromised exactly because (one-shot) authentication would happen in > another security context (and because pkexec(1) itself runs in a > separate security context because it is setuid root).
(Granted, if you have a compromised session, giving it a root shell isn't really a great idea ;-) ... The point, however, is that you can safely (insofar you can verify the command via e.g. http://people.freedesktop.org/~david/pkexec-command.png or similar) run super-user commands via pkexec(1) from a compromised session without your root password being snooped - for example, you could launch a new session or something.) David _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/polkit-devel
