On Tue, 2009-01-20 at 09:53 -0800, Kam Leo wrote: > Well, if you can not trust a GUI then logging in as a user won't help > either. Once that user invokes superuser powers there is no difference > between him/her and root. Incorrect. If the dialog stays as the user process (non-root) it can communicate with a seporate privileged process (running as root) using some sort of untrusted IPC (over DBUS, socket, etc). We therefore allow the untrusted process to authenticate (using PolicyKit) and do tasks that are normally only allowed to do as root. Just because a dialog pops up and asks for the root password, doesn't automatically mean the GUI code is then running as root. If you read http://hal.freedesktop.org/docs/PolicyKit/ it explains nicely how the system works. Richard. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
