Good afternoon,

On Sat, Nov 29, 2014 at 08:46:08PM +0100, Enrico Weigelt, metux IT consult wrote:
<snip>
> A really cool feature, IMHO, would be able to connect my local factotum
> to remote ones easily, so I'll get a similar feature like eg. lastpass
> is doing for the web. For example, somebody like to give me access to
> some remote application, but for some reason can't add my pubkey there
> (eg. it doesn't even support such things), but doesn't want to give me
> cleartext passwords, he could set things up in his (publicly
> accessible) factotum instance, which then handles all the auth stuff
> for that application.
> 
> By the way, that leads me to another topic, which is annoying me
> for quite some time: policykit.
> 
> For those, who have been spared of it:
> 
> It's an invention of the freedesktop folks (or should I call them
> "Lennartists" ? ;-o), some kind of proxy, which routes certain dbus
> calls (based on certain policies) between several users (and root).
> This way, eg. unprivileged users can still be given access to system
> level stuff, like network-manager. And that's exactly the point which
> regularly hit me (eg. some day my primary account suddenly wasn't
> able to choose wireless networks anymore, and even the old fashioned
> way via unix groups didn't help either).

In both ways you should change the background on which the security would run.
For network applications, a web browser must stay out of the project or rely 
on weaker security measures (auth with factotum, then the browser is 
authorized visiting some https site for signing on).
Policykit and consolekit are crazy nonsense by design, strictly UNIX-speaking. 
If the user isn't wheel or root, but has to access network (both wireless or 
ethernet), graphics, certain areas instead of others, the administrator has to 
give h{im,er} access at login to everything is required to {,s}he. If, to do 
so, you can't use the programs you loved to limit privileges in SSH, and you 
want a single-sign-on to join wifi networks, printers, external drives, 
opening web browser and whatnot, the GUI components should be easily hackable 
to roll out the user experience required. 
And thinking about X11 today and the fuss about waylands and mirs... The whole 
thing is fucked up, imho.
Your project is eating or exploiting to user level, at the end of this 
mini-essay, 85% of the operating system now. Like the classic X server, 
systemd+wayland or upstart/systemd+mir.
It's not a bad thing! Lennartism is just a Will Hunting approach. Mixed with a 
bag full of shit. 
The way to go is writing an X server like you would write a TeX environment or 
a compiler toolchain, which will lead you rolling out a systemd better 
designed that doesn't make its way to pid 1.
It's a lot of work. Are you sure you wouldn't like to try p9? 

Happy gregorian first of the year,

--
Teodoro Santoni
