> > Policykit's configuration is yet another pseudo-language you have to
> > learn unless you can get rid of it, which is hard to do completely :-(
> >
> > Didier
>
> Ok. Thanks. I'll dig in that direction. Based on this and many other
> incidents, policykit seems to be a big, gaping security hole.

Yup, it is a major security risk. Polkitd links in an XML parser,
the Perl-compatible regular expression library and the GObject
infrastructure of GTK.
That adds a zillion lines of code to many security-critical
applications and increases the attack surface in the same proportion.
It also makes it harder to trim down the minimal-server installation ...
regards
marc