oss-sec mailing list archives
Re: polkitd service user privilege separation
From: Jordan Glover <Golden_Miller83 () protonmail ch>
Date: Thu, 30 Mar 2023 14:08:10 +0000
On Wednesday, March 29th, 2023 at 9:24 PM, Simon McVittie <smcv () debian org> wrote:
polkitd can only be either trusted or untrusted, we can't have it both ways. I think the main thing that's wrong here is the documentation that claims that the privilege separation is meaningful. smcv
Is it valid conclusion that polkitd would be better of just running as root? That would clear any possible confusion. Or are there advantages of running it as separate "trusted" user? Jordan
Current thread:
- polkitd service user privilege separation Johannes Segitz (Mar 29)
- Re: polkitd service user privilege separation Simon McVittie (Mar 29)
- Re: polkitd service user privilege separation Johannes Segitz (Mar 30)
- Re: polkitd service user privilege separation Jordan Glover (Mar 30)
- Re: polkitd service user privilege separation Johannes Segitz (Mar 31)
- Re: polkitd service user privilege separation Simon McVittie (Mar 29)