On 10/21/2016 07:10 PM, Simon McVittie wrote:
> On Fri, 2016-10-21 at 13:40 +0200, Alad Wenter wrote:
>> While looking for suid files on my system I noticed that
>> /usr/lib/polkit-1/polkit-agent-helper-1 is suid root, and I was
>> curious about the reasoning behind this.
>
> The agent's job is to tell the polkit daemon "yes, this is definitely
> Alad, and not someone else who has sat down at Alad's computer". This
> means it wants to be uid 0 for two reasons:
>
> * to be able to run the PAM stack to check your password, one-time
>    key, fingerprint or whatever other credentials against system
>    authentication services
>
> * to be able to send that message to the polkit daemon, and give the
>    polkit daemon a reason to believe it (that reason being "it came
>    from uid 0")
>
> Regards,
>      S

Hi Simon,

Thanks for your reply. For the second reason, is "it came from uid 0" a sure reason for polkit to believe the message when the origin behind uid 0 is from a suid binary? Or is that where the first reason on checking authentication comes in?

Regards,

Alad

_______________________________________________
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/polkit-devel
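
The second reason in Simon's reply, as an added example that is not part of the thread and not polkit's code: a daemon can ask the kernel which uid sent a message instead of trusting what the message says. polkit talks over D-Bus; the plain Unix socket, `SO_PEERCRED` (Linux only) and the function names below are assumptions chosen for illustration.

```python
import os
import socket
import struct

# Linux struct ucred: pid (int), uid and gid (unsigned int).
_UCRED = struct.Struct("iII")


def peer_credentials(sock):
    """Return (pid, uid, gid) of the process on the other end of a connected
    AF_UNIX socket, as recorded by the kernel when the connection was made.
    The sender cannot choose these values."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def accept_identity_claim(sock, trusted_uid=0):
    """Hypothetical daemon-side check: read one claim from the socket and
    accept it only if the kernel reports the sender as trusted_uid."""
    claim = sock.recv(256).decode("utf-8", "replace")
    _pid, uid, _gid = peer_credentials(sock)
    if uid != trusted_uid:
        return (False, f"rejected claim from uid {uid}: {claim!r}")
    return (True, f"accepted claim from uid {uid}: {claim!r}")


def demo(trusted_uid):
    """Constructed exchange: the 'helper' end sends a claim and the
    'daemon' end decides whether to believe it."""
    daemon_end, helper_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with daemon_end, helper_end:
        helper_end.sendall(b"user alad authenticated")  # constructed message
        return accept_identity_claim(daemon_end, trusted_uid)


if __name__ == "__main__":
    me = os.geteuid()
    print(demo(trusted_uid=me))      # sender uid equals the trusted uid
    print(demo(trusted_uid=me + 1))  # identical message, sender is not trusted
```

The uid the kernel reports is the sender's effective uid, so a setuid-root program is seen as uid 0 regardless of which user launched it.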
