Re: Package Manager Denies Permission to Install

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2009-01-20 at 09:53 -0800, Kam Leo wrote:
> Well, if you can not trust a GUI then logging in as a user won't help
> either. Once that user invokes superuser powers there is no difference
> between him/her and root.

Incorrect. If the dialog stays as the user process (non-root) it can
communicate with a seporate privileged process (running as root) using
some sort of untrusted IPC (over DBUS, socket, etc). We therefore allow
the untrusted process to authenticate (using PolicyKit) and do tasks
that are normally only allowed to do as root.

Just because a dialog pops up and asks for the root password, doesn't
automatically mean the GUI code is then running as root.

If you read http://hal.freedesktop.org/docs/PolicyKit/ it explains
nicely how the system works.

Richard.


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux