:: Re: [DNG] why is polkit needed? dro…
Page principale
Supprimer ce message
Répondre à ce message
Auteur: Didier Kryn
Date:  
À: aitor, dng
Sujet: Re: [DNG] why is polkit needed? dropin replacement
Le 24/02/2020 à 10:44, aitor a écrit :
> Hi Didier,
>
> En 24 de febrero de 2020 10:01:33 Didier Kryn <kryn@???> escribió:
>
>> Le 24/02/2020 à 01:16, Aitor a écrit :
>>>
>>> Hi Tito,
>>>
>>> On 23/2/20 17:02, Tito via Dng wrote:
>>>> Why use 2 binaries rather than one, more programs, more code, more
>>>> communication in between them equals to more attack surface.
>>>> I would stay with just one suid binary, more so if you want to go the
>>>> su-only route.
>>> I'll answer to this question in more detail: the requeriment of suid
>>> privilegies implies an additional (non GUI) binary due to the fact
>>> that the usage of any GTK suid binary is impossible.
>>> Read here:
>>>
>>> http://soc.if.usp.br/manual/libgtk2.0-doc/faq/x392.html
>>     Does it mean that synaptic works that way with droping priviledges
>> in the GUI?
>>
>>     Didier
>
> Synaptic is run as root via sudo/su. There are no suid privilegies


    Hi Aitor.

    Sure, but it is running a GUI with root priviledge. I thought this
was the danger and I understood this was forbidden in GTK+.