On Mi, 16.02.22 15:01, Adam Williamson (adamw...@fedoraproject.org) wrote:

> > > hence I am not against the feature but please tone down the wording
> > > regarding pkexec, it's misleading. Say you want to split it out to
> > > reduce the attack surface, but don't use the word "legacy" in its
> > > context.
> > >
> > > (dropping "pkla-compat" given its unmaintained state is Ok to be
> > > called "legacy" i guess)
> >
> > I think I'd go stronger and say I don't really see the value in
> > splitting out pkexec at all. I'd rather people have a default path to
> > do safer privilege escalation, and pkexec is way better than
> > sudo/doas/etc in that regard.
> This feels a bit unrealistic to me. In the real world, I can recall off
> the top of my head exactly zero docs, guides, articles, howtos etc.
> that use pkexec. They all use sudo. Like it or not, sudo is what people
> use. The sensible thing to do there is devote attention to making sure
> sudo is as secure as possible, or actually make some kind of big effort
> to convince people to use pkexec instead.

sudo is what users/admins use. pkexec is what (desktop) programs often use.

docs/guides/articles/howtos are focussed on users/admins. hence of
course, you won't find it mentioned there.

> I just tried this, actually, for giggles. Two reasons it's a non-
> starter: it prompts for the root password, not for my user password (my
> user is an 'admin' so far as sudo etc. are concerned, but apparently
> not an 'admin' so far as interactive pkexec is concerned). I do not
> know the root password, it is intentionally a 24-character random
> string I would have to look up.

When I hit "pkexec" a nice GNOME shell prompt pops up asking me for
*my* password, not root's.

> And it prompts with one of those
> goddamn 'secure' GNOME popovers which prevents you accessing your
> password manager, so every time you hit one, you have to cancel it, go
> to your password manager, copy the password it wants, then trigger it
> again.
> No way on earth I'm using that.

Then don't. But whether you use it or whether it's "legacy"/should go
away are two distinct questions.


Lennart Poettering, Berlin
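As an added example (not code from the thread or from polkit itself), the polkit rule that decides who counts as an admin for pkexec, plus a small node-runnable model of how polkit picks the account whose password the agent prompts for. Only the `polkit.addAdminRule` call is what a file under /etc/polkit-1/rules.d/ would contain; the group `wheel` (Fedora's default admin group), the resolution model and the sample group data are assumptions made here.

```javascript
// Stand-in for the global that polkitd provides; only needed when this file
// is run with node to exercise the rule (polkitd defines `polkit` itself).
if (typeof polkit === "undefined") {
  globalThis.polkit = {
    _adminRules: [],
    addAdminRule(fn) { this._adminRules.push(fn); },
  };
}

// This call is what a rules file contains. For auth_admin actions such as
// org.freedesktop.policykit.exec (used by pkexec), the listed identities
// are the accounts allowed to authenticate; a caller who is one of them is
// asked for their own password, anyone else for an admin's.
polkit.addAdminRule(function (action, subject) {
  return ["unix-group:wheel"];
});

// Model of polkitd's admin-identity resolution (assumption, not polkit code):
// the first rule returning a non-null array wins; with no match, root is the
// only admin, which is what "prompts for the root password" looks like.
function adminIdentitiesFor(action, subject) {
  for (const rule of polkit._adminRules) {
    const ids = rule(action, subject);
    if (ids != null) return ids;
  }
  return ["unix-user:0"];
}

// Which account's password the authentication agent will ask for.
// `groups` maps group name -> member list; it is constructed sample data
// here rather than being read from /etc/group.
function promptedUser(action, subject, groups) {
  const users = [];
  for (const id of adminIdentitiesFor(action, subject)) {
    const [kind, name] = id.split(":");
    if (kind === "unix-user") users.push(name === "0" ? "root" : name);
    if (kind === "unix-group") users.push(...(groups[name] || []));
  }
  if (users.includes(subject.user)) return subject.user; // authenticate as self
  return users[0] || "root"; // otherwise one of the admins, root if none resolve
}

// Constructed sample: only alice is in wheel.
const sampleGroups = { wheel: ["alice"] };
const execAction = "org.freedesktop.policykit.exec";
```

Running it under node shows that a caller in the configured group is prompted for their own password, while a caller outside it is prompted for an admin's (root when the group resolves to nobody).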
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines