Re: Proposed external dep: PolicyKit

From: "Jason D. Clinton" <me jasonclinton com>
To: "Michael Biebl" <mbiebl gmail com>
Cc: desktop-devel-list <desktop-devel-list gnome org>
Subject: Re: Proposed external dep: PolicyKit
Date: Tue, 22 Jul 2008 21:01:39 -0500

On Tue, Jul 22, 2008 at 8:27 PM, Jason D. Clinton <me jasonclinton com> wrote:

This is the PK bits that David was discussion in his previous message that are in the Debian hal which appears to be a security problem, if nothing else:
http://gitweb.freedesktop.org/?p=hal.git;a=commitdiff;h=5b4c664f7b40e85148bd3c32946388e23fe8b384

Would you like me to open the BTS bug?

Never mind, I was looking at the Debian hal.conf cross-ways while examining the one I installed as a part of my jhbuild work tracking 2.23. There's nothing wrong with the Debian package; it correctly kills PK support as suggested by the configure.in message that David referenced. jhbuilding appears to be the source of PK being enabled WRT to hal.

When I have time I'll investiage why the default allow policy is having PK returning permission denied for active sessions. It'll have to be some time next week.

Thank you for your attention to the Debian side of things, Michael.

Here is the Debian patch, FTWCA such things:

diff --git a/hal.conf.in b/hal.conf.in
index ef97b8f..3646deb 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -40,6 +40,26 @@
   
   <policy context="default">
+    <deny send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+    <deny send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
+    <deny send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+    <deny send_interface="org.freedesktop.Hal.Device.Volume"/>
+    <deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
+ </policy>
+
+ 
+ <policy group="powerdev">
+    <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+    <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
+    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+ </policy>
+ <policy group="plugdev">
+    <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
+    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
+ </policy>
+
+ 
+ <policy user="root">
     <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
     <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
     <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>

References:
- Re: Proposed external dep: PolicyKit
  - From: Jason D. Clinton
- Re: Proposed external dep: PolicyKit
  - From: David Zeuthen
- Re: Proposed external dep: PolicyKit
  - From: Rob Taylor
- Re: Proposed external dep: PolicyKit
  - From: Michael Biebl
- Re: Proposed external dep: PolicyKit
  - From: Jason D. Clinton
- Re: Proposed external dep: PolicyKit
  - From: Michael Biebl
- Re: Proposed external dep: PolicyKit
  - From: Jason D. Clinton
- Re: Proposed external dep: PolicyKit
  - From: Michael Biebl
- Re: Proposed external dep: PolicyKit
  - From: Jason D. Clinton

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]