On Tue, 10 Mar 2020 12:08:23 -0600
tekHedd wrote:
> On Sat, Mar 7, 2020, at 5:37 PM, Rick Moen wrote:
> > Quoting tekHedd (tekh...@byteheaven.net):
> >
> > > Cool software doesn't really happen without the ability for apps
> > > to communicate and read/write the state of the system and
> > > c
On Thu, Feb 13, 2020 at 10:27:50PM -0300, Gastón wrote:
> On Thu, Feb 13, 2020 at 03:16:58PM -0800, tom wrote:
> > On Thu, 9 Jan 2020 16:50:15 +
> > Mark Hindley wrote:
> >
> > > On Thu, Jan 09, 2020 at 05:44:17PM +0100, Alessandro Vesely via Dng
> > > wrote:
> > > > Hi,
> > > >
> > > > is t
On Sat, Mar 7, 2020, at 5:37 PM, Rick Moen wrote:
> Quoting tekHedd (tekh...@byteheaven.net):
>
> > Cool software doesn't really happen without the ability for apps to
> > communicate and read/write the state of the system and communicate
> > with other user level components.
>
> If so, so what?
On Sat, 7 Mar 2020 16:47:00 -0800
tom wrote:
> The ONLY thing I am using DBUS for on my systems is for notifications.
> Be it have something blip in the top right of my monitor when I get an
> email, or gmusicplayer changes a song. psi-plus (XMPP client) is able
> to read MPRISv2 over dbus to upd
On Fri, 06 Mar 2020 15:25:55 -0700
tekHedd wrote:
> On Fri, Mar 6, 2020, at 12:51 PM, Hendrik Boom wrote:
> > On Thu, Mar 05, 2020 at 02:09:37PM +0100, Didier Kryn wrote:
> > > Le 03/03/2020 à 23:37, tekHedd a écrit :
> > > >
> > > > So, I would consider rewriting polkit and dbus from scratch.
>
Quoting tekHedd (tekh...@byteheaven.net):
> Cool software doesn't really happen without the ability for apps to
> communicate and read/write the state of the system and communicate
> with other user level components.
If so, so what? This doesn't in any way suggest need for a new extra
system aut
Le 06/03/2020 à 20:51, Hendrik Boom a écrit :
What are the actual requirements for a dbus-like system? Requirements
that would allow a completely different design?
There must have been requirements. At the time KDE had its own
middleware called DCOP and Gnome had or was developping its ow
On Fri, Mar 6, 2020, at 12:51 PM, Hendrik Boom wrote:
> On Thu, Mar 05, 2020 at 02:09:37PM +0100, Didier Kryn wrote:
> > Le 03/03/2020 à 23:37, tekHedd a écrit :
> > >
> > > So, I would consider rewriting polkit and dbus from scratch.
> > >
> > > Also, who has time to rewrite polkit and dbus from
On Thu, Mar 05, 2020 at 02:09:37PM +0100, Didier Kryn wrote:
> Le 03/03/2020 à 23:37, tekHedd a écrit :
> >
> > So, I would consider rewriting polkit and dbus from scratch.
> >
> > Also, who has time to rewrite polkit and dbus from scratch?
What are the actual requirements for a dbus-like system
On Wed, Mar 4, 2020, at 9:42 PM, Rick Moen wrote:
> Quoting tekHedd (tekh...@byteheaven.net):
>
> > Re this thread, clearly a multi-user system with a GUI does need
> > polkit and /some/ sort of dbus mechanism (which I will henceforth
> > refer to as the "dbus mechanism" as if it were some sort of
Le 03/03/2020 à 23:37, tekHedd a écrit :
On Tue, Feb 25, 2020, at 3:28 AM, Didier Kryn wrote:
Le 25/02/2020 à 09:05, Steve Litt a écrit :
On Mon, 24 Feb 2020 12:21:16 +
Daniel Abrecht via Dng wrote:
...
Without dbus, applications & daemons could do similar things using
unix sockets. ...
Quoting tekHedd (tekh...@byteheaven.net):
> Re this thread, clearly a multi-user system with a GUI does need
> polkit and /some/ sort of dbus mechanism (which I will henceforth
> refer to as the "dbus mechanism" as if it were some sort of doomsday
> device).
I don't think I buy that assumption,
tekHedd wrote:
> Surely it is time to boil down the dbus/polkit requirements and and start
> over. Preferably with sane limitations on scope and configuration mechanisms.
> I mean, I'm just thinking out loud here something that I've been thinking for
> about 6 months.
I applaud your thinking,
On Tue, Feb 25, 2020, at 3:28 AM, Didier Kryn wrote:
> Le 25/02/2020 à 09:05, Steve Litt a écrit :
> > On Mon, 24 Feb 2020 12:21:16 +
> > Daniel Abrecht via Dng wrote:
> ...
> >> Without dbus, applications & daemons could do similar things using
> >> unix sockets. ...
>
> Yep, socket, si
On 2020-02-25 11:11, Hendrik Boom wrote:
Which is the reason for a capability architecture. Is there anything
resembling that in GNU/Linux userspace?
Kind of, not really.
There is something similar to role based access control, namely the unix
file permission model, which is a kind of DAC. U
Hi Tom
En 25 de febrero de 2020 18:39:51 tom
escribió:
On Mon, 24 Feb 2020 14:33:25 +0100
Tito via Dng wrote:
and only for known "safe" commands. For everything else, it'd be much
better to just log in on a tty as root. Same goes for su.
for sudo only if set
userALL=(ALL:ALL) ALL
On Mon, 24 Feb 2020 14:33:25 +0100
Tito via Dng wrote:
> and only for known "safe" commands. For everything else, it'd be much
> better to just log in on a tty as root. Same goes for su.
>
> for sudo only if set
>
> userALL=(ALL:ALL) ALL
>
> or if the user is added to the sudo group
>
> #
On 2/24/20 7:21 AM, Daniel Abrecht via Dng wrote:
> One last, only partially related thing. Does anyone know how to get polkit
> agents working properly? If I start `lxqt-policykit-agent`, for example,
> pkexec won't work. If I start it as `su -c 'lxqt-policykit-agent'`, it
> does, but I'm pretty
On Tue, Feb 25, 2020 at 03:05:27AM -0500, Steve Litt wrote:
> On Mon, 24 Feb 2020 12:21:16 +
> Daniel Abrecht via Dng wrote:
>
>
> > So next, why is dbus needed?
> > dbus is a message bus. There usually is one for the whole system, and
> > one for each session.
> > There are various uses an
Le 25/02/2020 à 09:05, Steve Litt a écrit :
On Mon, 24 Feb 2020 12:21:16 +
Daniel Abrecht via Dng wrote:
...
Without dbus, applications & daemons could do similar things using
unix sockets. However, then, every application would need their own
socket, permission management, configs, etc.
On Mon, 24 Feb 2020 12:21:16 +
Daniel Abrecht via Dng wrote:
> So next, why is dbus needed?
> dbus is a message bus. There usually is one for the whole system, and
> one for each session.
> There are various uses and missuses for it, but I think the most
> crucial things are:
> * Notify a
Le 25/02/2020 à 08:17, marc a écrit :
Hello
I would like to add my point of view to the polkit debate.
And they are well thought out comments :)
All things considered, I think for the purpose of interacting with system
level daemons/services and managing related permissions, especially in ca
On Mon, 24 Feb 2020 13:46:46 +0100
Didier Kryn wrote:
> Le 24/02/2020 à 10:44, aitor a écrit :
> > Hi Didier,
> >
> > En 24 de febrero de 2020 10:01:33 Didier Kryn
> > escribió:
> >
> >> Le 24/02/2020 à 01:16, Aitor a écrit :
> >>>
> >>> Hi Tito,
> >>>
> >>> On 23/2/20 17:02, Tito via Dng wrote:
Hello
> I would like to add my point of view to the polkit debate.
And they are well thought out comments :)
> All things considered, I think for the purpose of interacting with system
> level daemons/services and managing related permissions, especially in cases
> more complex than simply shutt
On 2/24/20 1:21 PM, Daniel Abrecht via Dng wrote:
Hi
I would like to add my point of view to the polkit debate.
I don't think polkit is bad or unnecessary, it simply has a completely
different usecase/scope than sudo has.
sudo is for starting a process as an other user provided some precondit
Le 24/02/2020 à 10:44, aitor a écrit :
Hi Didier,
En 24 de febrero de 2020 10:01:33 Didier Kryn escribió:
Le 24/02/2020 à 01:16, Aitor a écrit :
Hi Tito,
On 23/2/20 17:02, Tito via Dng wrote:
Why use 2 binaries rather than one, more programs, more code, more
communication in between them
Hi
I would like to add my point of view to the polkit debate.
I don't think polkit is bad or unnecessary, it simply has a completely
different usecase/scope than sudo has.
sudo is for starting a process as an other user provided some
preconditions (group/user allowed to use it, supplied argu
Hi Didier,
En 24 de febrero de 2020 10:01:33 Didier Kryn escribió:
Le 24/02/2020 à 01:16, Aitor a écrit :
Hi Tito,
On 23/2/20 17:02, Tito via Dng wrote:
Why use 2 binaries rather than one, more programs, more code, more
communication in between them equals to more attack surface.
I would s
Le 24/02/2020 à 01:16, Aitor a écrit :
Hi Tito,
On 23/2/20 17:02, Tito via Dng wrote:
Why use 2 binaries rather than one, more programs, more code, more
communication in between them equals to more attack surface.
I would stay with just one suid binary, more so if you want to go the
su-only r
Le 23/02/2020 à 16:26, Aitor a écrit :
On 23/2/20 16:22, Aitor wrote:
- To have a look at the code of ssh-askpass, suggested by Didier
Krin, whose dialog frame is useful only for X11 and not for wayland.
Kryn :)
ssh-askpass is just an example. There is certainly something usable
in wayla
On 2020-02-23 22:10, marc wrote:
> If I understand you correctly, you propose a simple gtk
> program that is setuid (so that it can read /etc/shadow, and
> grant root privileges). The problem is that there is no such
> thing as a simple gtk program. This is not comment limited to
> gtk programs
Hi,
On 23/2/20 23:10, marc wrote:
You should never send an unencrypted password over a shell or pipe.
So in the case of the former (using the shell, via echo or an
environment variable) you are correct. Those show up in process
listings...
I am not so sure about the second part, the bit about
Hi Tito,
On 23/2/20 17:02, Tito via Dng wrote:
Why use 2 binaries rather than one, more programs, more code, more
communication in between them equals to more attack surface.
I would stay with just one suid binary, more so if you want to go the
su-only route.
I'll answer to this question in mor
On 2/23/20 11:10 PM, marc wrote:
You should never send an unencrypted password over a shell or pipe.
So in the case of the former (using the shell, via echo or an
environment variable) you are correct. Those show up in process
listings...
I am not so sure about the second part, the bit about n
> >>You should never send an unencrypted password over a shell or pipe.
So in the case of the former (using the shell, via echo or an
environment variable) you are correct. Those show up in process
listings...
I am not so sure about the second part, the bit about not passing
confidential informa
Hi again Tito,
On 23/2/20 17:02, Tito via Dng wrote:
On 2/23/20 4:22 PM, Aitor wrote:
Hi Tito,
On 23/2/20 14:15, Tito via Dng wrote:
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root
password through the mentione
On 2/23/20 4:22 PM, Aitor wrote:
Hi Tito,
On 23/2/20 14:15, Tito via Dng wrote:
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password through
the mentioned unix socket using internally (sudo | su) afterward
On 23/2/20 16:22, Aitor wrote:
- To have a look at the code of ssh-askpass, suggested by Didier Krin,
whose dialog frame is useful only for X11 and not for wayland.
Kryn :)
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-b
Hi Tito,
On 23/2/20 14:15, Tito via Dng wrote:
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password
through the mentioned unix socket using internally (sudo | su)
afterwards.
As simple as that:
system( "ec
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password through
the mentioned unix socket using internally (sudo | su) afterwards.
As simple as that:
system( "echo | sudo -S ");
I tested my first draft and
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password
through the mentioned unix socket using internally (sudo | su) afterwards.
As simple as that:
system( "echo | sudo -S ");
I tested my first draft and it works. Do it simple, isn't it?
Ai
Hi Tito,
On 23/2/20 13:19, Tito via Dng wrote:
Hi,
please don't restrict it, make it a universally usable tool.
Ok :)
Why using a socket maybe KISS?
For inspiration you can take a look at:
https://git.busybox.net/busybox/tree/loginutils/su.c
this is tested and widely used code.
Thanks fo
Hi,
On 23/2/20 13:23, Aitor wrote:
Hi Tom,
On 23/2/20 13:21, tom wrote:
What happens when a password isn't need, such as when a sudo policy is
set?
Are you referring to the sudo | su duality?
Aitor.
If so, the application might check the sudo permissions of the current
user, reading the
Hi Tom,
On 23/2/20 13:21, tom wrote:
What happens when a password isn't need, such as when a sudo policy is
set?
Are you referring to the sudo | su duality?
Aitor.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailm
On Sun, 23 Feb 2020 13:17:21 +0100
Aitor wrote:
> Hi,
>
> On 23/2/20 12:34, Aitor wrote:
> >
> > Hi Steve,
> >
> > On 21/2/20 21:57, Steve Litt wrote:
> >> Will it work even if I'm not using lxqt? Does it stand alone?
> >>
> >> SteveT
> > I've just started developing a replacement for gksu in
On 2/23/20 12:34 PM, Aitor wrote:
Hi Steve,
On 21/2/20 21:57, Steve Litt wrote:
Will it work even if I'm not using lxqt? Does it stand alone?
SteveT
I've just started developing a replacement for gksu in gtk2 following the same
method used in simple-netaid,
that is: a suid binary receivi
Hi,
On 23/2/20 12:34, Aitor wrote:
Hi Steve,
On 21/2/20 21:57, Steve Litt wrote:
Will it work even if I'm not using lxqt? Does it stand alone?
SteveT
I've just started developing a replacement for gksu in gtk2 following
the same method used in simple-netaid,
that is: a suid binary receivi
Hi Steve,
On 21/2/20 21:57, Steve Litt wrote:
Will it work even if I'm not using lxqt? Does it stand alone?
SteveT
I've just started developing a replacement for gksu in gtk2 following
the same method used in simple-netaid,
that is: a suid binary receiving the password through an unix socket
On 2/21/20 10:56 PM, Florian Zieboll wrote:
On Fri, 21 Feb 2020 15:57:42 -0500
Steve Litt wrote:
On Wed, 19 Feb 2020 01:23:47 -0800
tom wrote:
Just found a drop-in replacement for gksudo. It's called lxqt-sudo.
https://github.com/lxqt/lxqt-sudo
It works pretty well.
Will it work even i
On Wed, 19 Feb 2020 15:17:06 +0100
Tito via Dng wrote:
>
>
> On 2/19/20 10:23 AM, tom wrote:
> > On Wed, 19 Feb 2020 00:35:26 -0800
> > tom wrote:
> >
> >> Deprecated gksudo? Well thats pretty dumb. Any particular reason
> >> Devuan doesn't just fish around for the old gksudo git repo and
> >
On Fri, 21 Feb 2020 15:57:42 -0500
Steve Litt wrote:
> On Wed, 19 Feb 2020 01:23:47 -0800
> tom wrote:
>
> >
> > Just found a drop-in replacement for gksudo. It's called lxqt-sudo.
> > https://github.com/lxqt/lxqt-sudo
> > It works pretty well.
>
> Will it work even if I'm not using lxqt? Doe
On Wed, 19 Feb 2020 01:23:47 -0800
tom wrote:
> On Wed, 19 Feb 2020 00:35:26 -0800
> tom wrote:
>
> > Deprecated gksudo? Well thats pretty dumb. Any particular reason
> > Devuan doesn't just fish around for the old gksudo git repo and
> > continue that instead of dealing with this policykit mes
On 2/19/20 10:23 AM, tom wrote:
On Wed, 19 Feb 2020 00:35:26 -0800
tom wrote:
Deprecated gksudo? Well thats pretty dumb. Any particular reason
Devuan doesn't just fish around for the old gksudo git repo and
continue that instead of dealing with this policykit mess of
complexity? You can allo
On Wed, 19 Feb 2020 00:35:26 -0800
tom wrote:
> Deprecated gksudo? Well thats pretty dumb. Any particular reason
> Devuan doesn't just fish around for the old gksudo git repo and
> continue that instead of dealing with this policykit mess of
> complexity? You can allow users in your a group for e
On Wed, 19 Feb 2020 00:35:26 -0800
tom wrote:
> Deprecated gksudo? Well thats pretty dumb. Any particular reason
> Devuan doesn't just fish around for the old gksudo git repo and
> continue that instead of dealing with this policykit mess of
> complexity? You can allow users in your a group for e
Deprecated gksudo? Well thats pretty dumb. Any particular reason Devuan
doesn't just fish around for the old gksudo git repo and continue that
instead of dealing with this policykit mess of complexity? You can
allow users in your a group for example 'installers' to run synaptic by
editing sudo's co
Le 14/02/2020 à 14:12, Didier Kryn a écrit :
I've found a solution on the web:
Just 'su' - or 'sudo -u root bash -l' then
xauth add $(xauth -f ~/.Xauthority list | tail -1) # where
is your username.
Then you can launch an application with a GUI.
Hey. Here is a method to do i
Le 14/02/2020 à 22:01, Rick Moen a écrit :
Quoting Didier Kryn (k...@in2p3.fr):
AFAIR sudo does not transmit the X session. I heard years ago
of something called sudox. Dunno if it is available somewhere. I
dislike pkexec [...]
You're a man of wise instincts, Didier. ;->
Thanks :~) This
Quoting Dr. Nikolaus Klepp (dr.kl...@gmx.at):
> There was a "sux" on ascii (or was it lenny?), that did thi thing for
> su. Pity, it's gone.
It is, however, an extremely simple shell wrapper around su.
http://fgouget.free.fr/sux/sux
http://fgouget.free.fr/sux/sux-readme.shtml
--
Cheers,
Quoting Didier Kryn (k...@in2p3.fr):
> AFAIR sudo does not transmit the X session. I heard years ago
> of something called sudox. Dunno if it is available somewhere. I
> dislike pkexec [...]
You're a man of wise instincts, Didier. ;->
Here's a Linuxmafia.com Knowledgebase article I try to brin
Hi,
En 14 de febrero de 2020 14:15:05 Didier Kryn escribió:
Le 14/02/2020 à 13:14, Tito via Dng a écrit :
Hi,
did you try?
Yes I did :~)
Thanks a lot, i'll aply this method to my popupmenu.
Aitor
___
Dng mailing list
Dng@lists.dyne.o
Le 14/02/2020 à 13:14, Tito via Dng a écrit :
Hi,
did you try?
Yes I did :~)
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Le 14/02/2020 à 12:29, Dr. Nikolaus Klepp a écrit :
Anno domini 2020 Fri, 14 Feb 11:30:03 +0100
Didier Kryn scripsit:
Le 14/02/2020 à 08:24, Tito via Dng a écrit :
On 2/14/20 3:37 AM, Ozi Traveller via Dng wrote:
Does this help? You've probably seen this already.
https://mike632t.wordpr
On 2/14/20 11:30 AM, Didier Kryn wrote:
Le 14/02/2020 à 08:24, Tito via Dng a écrit :
On 2/14/20 3:37 AM, Ozi Traveller via Dng wrote:
Does this help? You've probably seen this already.
https://mike632t.wordpress.com/2019/11/17/gksu-is-dead-long-live-pkexec/
https://www.freedesktop.org/
Anno domini 2020 Fri, 14 Feb 11:30:03 +0100
Didier Kryn scripsit:
> Le 14/02/2020 à 08:24, Tito via Dng a écrit :
> > On 2/14/20 3:37 AM, Ozi Traveller via Dng wrote:
> >> Does this help? You've probably seen this already.
> >>
> >> https://mike632t.wordpress.com/2019/11/17/gksu-is-dead-long-l
Le 14/02/2020 à 08:24, Tito via Dng a écrit :
On 2/14/20 3:37 AM, Ozi Traveller via Dng wrote:
Does this help? You've probably seen this already.
https://mike632t.wordpress.com/2019/11/17/gksu-is-dead-long-live-pkexec/
https://www.freedesktop.org/software/polkit/docs/0.105/pkexec.1.html
O
On 2/14/20 3:37 AM, Ozi Traveller via Dng wrote:
Does this help? You've probably seen this already.
https://mike632t.wordpress.com/2019/11/17/gksu-is-dead-long-live-pkexec/
https://www.freedesktop.org/software/polkit/docs/0.105/pkexec.1.html
On Fri, Feb 14, 2020 at 12:28 PM Gastón via Dng
Does this help? You've probably seen this already.
https://mike632t.wordpress.com/2019/11/17/gksu-is-dead-long-live-pkexec/
https://www.freedesktop.org/software/polkit/docs/0.105/pkexec.1.html
On Fri, Feb 14, 2020 at 12:28 PM Gastón via Dng wrote:
> On Thu, Feb 13, 2020 at 03:16:58PM -0800
On Thu, Feb 13, 2020 at 03:16:58PM -0800, tom wrote:
> On Thu, 9 Jan 2020 16:50:15 +
> Mark Hindley wrote:
>
> > On Thu, Jan 09, 2020 at 05:44:17PM +0100, Alessandro Vesely via Dng
> > wrote:
> > > Hi,
> > >
> > > is there a recommended GUI package browser for Devuan?
> > >
> > > After migr
On Thu, 9 Jan 2020 16:50:15 +
Mark Hindley wrote:
> On Thu, Jan 09, 2020 at 05:44:17PM +0100, Alessandro Vesely via Dng
> wrote:
> > Hi,
> >
> > is there a recommended GUI package browser for Devuan?
> >
> > After migrating, synaptic isn't installed. If I try to install it,
> > it says it
70 matches
Mail list logo