As far as I know: * The authentication agent (e.g. PolicyKit-gnome) allows to enter a password without being spoofed, provided that you've somehow verified that it's the real dialog (a secure attention key, e.g. Ctrl+Alt+Del, is not implemented). In contrast it's not able to prevent mouse click emulation. The reason this is not possible yet is that it depends on some work in the graphics stack being done. Therefore there's are no passwordless buttons. * If an graphical application has a certain non-one-shot permission, any malware can control the GUI, until you "drop" the permission. * Because policykit does not not run in a separate security context, malware could hijack the authentication dialog and spoof the text in the dialog - thus tricking the user into install things that are not desired.
The long-term is: * Authentication agent in a separate security context * A secure attention key for non-consumer setups * Yes/no dialogs are possible, but not explicitly planned * You will have a look at further ideas, if you've got the separate security context and all that "jazz" Is that right? Is there any process on the graphic stack, the X server and SeLinux? _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/polkit-devel
