Old 01-30-2012, 11:22 AM
Samuli Suominen
 
Default rfc: news item for changed polkit default group

was asked about this at IRC today, so I suppose we should convey this
information better to users

Title: Default value of AdminIdentities changed to group wheel in PolicyKit
Author: Samuli Suominen <ssuominen@gentoo.org>
Content-Type: text/plain
Posted: 2012-01-30
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: sys-auth/polkit

The default value of AdminIdentities changed to group wheel by upstream
since version 0.103.

This means users in group wheel are allowed to execute commands like
"pkexec bash" to gain root shell.

You can change the default value at:
# $EDITOR /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
 
Old 01-30-2012, 12:05 PM
Ulrich Mueller
 
Default rfc: news item for changed polkit default group

>>>>> On Mon, 30 Jan 2012, Samuli Suominen wrote:

> was asked about this at IRC today, so I suppose we should convey this
> information better to users

> Title: Default value of AdminIdentities changed to group wheel in PolicyKit

Too long, GLEP 42 allows a maximum of 44 characters (excluding "Title: ").

> Author: Samuli Suominen <ssuominen@gentoo.org>
> Content-Type: text/plain
> Posted: 2012-01-30
> Revision: 1
> News-Item-Format: 1.0
> Display-If-Installed: sys-auth/polkit

> The default value of AdminIdentities changed to group wheel by upstream
> since version 0.103.

Maybe the package name sys-auth/polkit should appear somewhere in the
item's body text?

> This means users in group wheel are allowed to execute commands like
> "pkexec bash" to gain root shell.

> You can change the default value at:
> # $EDITOR /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
 
Old 01-30-2012, 12:44 PM
Olivier Crête
 
Default rfc: news item for changed polkit default group

On Mon, 2012-01-30 at 14:22 +0200, Samuli Suominen wrote:
> The default value of AdminIdentities changed to group wheel by
> upstream since version 0.103.

You never mention what the old value was.. useful to figure out if it
will cause problems.

--
Olivier Crête
tester@gentoo.org
Gentoo Developer
 
Old 01-30-2012, 12:44 PM
Samuli Suominen
 
Default rfc: news item for changed polkit default group

On 01/30/2012 03:05 PM, Ulrich Mueller wrote:
> On Mon, 30 Jan 2012, Samuli Suominen wrote:
>
> > was asked about this at IRC today, so I suppose we should convey this
> > information better to users
>
> > Title: Default value of AdminIdentities changed to group wheel in PolicyKit
>
> Too long, GLEP 42 allows a maximum of 44 characters (excluding "Title: ").
>
> > Author: Samuli Suominen <ssuominen@gentoo.org>
> > Content-Type: text/plain
> > Posted: 2012-01-30
> > Revision: 1
> > News-Item-Format: 1.0
> > Display-If-Installed: sys-auth/polkit
>
> > The default value of AdminIdentities changed to group wheel by upstream
> > since version 0.103.
>
> Maybe the package name sys-auth/polkit should appear somewhere in the
> item's body text?
>
> > This means users in group wheel are allowed to execute commands like
> > "pkexec bash" to gain root shell.
>
> > You can change the default value at:
> > # $EDITOR /etc/polkit-1/localauthority.conf.d/50-localauthority.conf

... this is no longer relevant as I've just pushed 0.104-r1 for fast
stabilization within security bug restoring the old behavior as per
recommendation of the gentoo security team (a3li mostly ;-)
 
Old 01-30-2012, 01:08 PM
Cyprien Nicolas
 
Default rfc: news item for changed polkit default group

Samuli Suominen wrote:
> was asked about this at IRC today, so I suppose we should convey this
> information better to users

> You can change the default value at:
> # $EDITOR /etc/polkit-1/localauthority.conf.d/50-localauthority.conf

The default file states:
> # Configuration file for the PolicyKit Local Authority.
> #
> # DO NOT EDIT THIS FILE, it will be overwritten on update.

It seems there is no CONFIG_PROTECT_MASK to exclude that peculiar
file from CONFIG_PROTECT.

Maybe this line should be removed from that file? I wondered which
file should be edited to keep my settings over updates.

--
Cyprien Nicolas
 
Old 01-30-2012, 01:10 PM
Samuli Suominen
 
Default rfc: news item for changed polkit default group

On 01/30/2012 04:08 PM, Cyprien Nicolas wrote:
> Samuli Suominen wrote:
> > was asked about this at IRC today, so I suppose we should convey this
> > information better to users
>
> > You can change the default value at:
> > # $EDITOR /etc/polkit-1/localauthority.conf.d/50-localauthority.conf
>
> The default file states:
> > # Configuration file for the PolicyKit Local Authority.
> > #
> > # DO NOT EDIT THIS FILE, it will be overwritten on update.
>
> It seems there is no CONFIG_PROTECT_MASK to exclude that peculiar
> file from CONFIG_PROTECT.
>
> Maybe this line should be removed from that file? I wondered which
> file should be edited to keep my settings over updates.


The way I've restored the default value of group "0" in polkit-0.104-r1
is I've added 60-gentoo.conf to /etc/polkit-1/localauthority.conf.d that
will override the one with lower number, 50.


So that news item draft that suggested altering this file was stupid to
begin with.


Sorry for confusion.
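
The last post relies on polkit's local authority reading the .conf files in /etc/polkit-1/localauthority.conf.d in lexical order, so a higher-numbered file such as 60-gentoo.conf replaces the value set in 50-localauthority.conf. The following shell script is an added example, not part of the original thread or of the Gentoo package: it resolves the winning AdminIdentities value the same way, and its function names and sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve which AdminIdentities value wins in a
# localauthority.conf.d directory. Function names are hypothetical.

# Prints the effective AdminIdentities value; names the deciding file on stderr.
# Returns non-zero if no .conf file sets the key.
effective_admin_identities() {
    (
        LC_ALL=C; export LC_ALL       # bytewise glob order: 50-* before 60-*
        set -- "$1"/*.conf
        [ -e "$1" ] || exit 1         # directory has no .conf files
        awk '
            FNR == 1    { in_cfg = 0 }    # each file starts outside any section
            /^[ \t]*\[/ { in_cfg = ($0 ~ /^[ \t]*\[Configuration\][ \t]*$/); next }
            in_cfg && /^[ \t]*AdminIdentities[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
                value = $0; source = FILENAME    # a later file replaces an earlier one
            }
            END {
                if (source == "") exit 1
                print "set by " source > "/dev/stderr"
                print value
            }
        ' "$@"
    )
}

# Exit status 0 if group wheel is among the effective admin identities,
# 1 if it is not, 2 if the key could not be resolved.
wheel_is_admin() {
    ids=$(effective_admin_identities "$1" 2>/dev/null) || return 2
    case ";$ids;" in
        *";unix-group:wheel;"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample directory; contents are illustrative, not the package's files.
demo=$(mktemp -d)
printf '[Configuration]\nAdminIdentities=unix-group:wheel\n' > "$demo/50-localauthority.conf"
printf '[Configuration]\nAdminIdentities=unix-user:0\n' > "$demo/60-gentoo.conf"
effective_admin_identities "$demo"
if wheel_is_admin "$demo"; then
    echo "members of wheel are polkit administrators"
else
    echo "wheel is not a polkit administrator identity"
fi
rm -rf "$demo"
```

Pointing `effective_admin_identities` at the real directory on a host shows which file currently decides the value, which is the check to run after a polkit update.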
 
