Arnt Gulbrandsen <a...@gulbrandsen.priv.no> writes:
> Steve Litt writes:
>> I repeat my question: Do you have first hand knowledge indicating that
>> polkit is any safer?
>
> No, I do not. But unlike sudo, I am not aware of any weaknesses in its
> core design either.

You wrote that sudo would keep the PATH environment variable of a user when executing commands, hence, if these other commands in turn execute programs found by searching in PATH, this would enable a user to run arbitrary programs, which is correct. But this is a potentially exploitable weakness in some other program, not in sudo itself, and if 'allow users to run arbitrary programs as root' is not what's intended, they obviously mustn't be allowed to run programs as root which - in turn - enable execution of arbitrary, other programs: That's no different from any other kind of possible exploitable weakness in code running with elevated privileges on behalf of some otherwise unprivileged user.

And how to handle PATH is not a "core design property", it's a configurable option and 'keep it' just the default policy.
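
The PATH policy discussed in this message can be checked on a host. The script below is an added example, not part of the original message or of sudo: it reads a sudoers-style file and reports whether the PATH a sudo-run command searches comes from the policy (the sudoers `secure_path` setting) or from the caller. The function names, sample sudoers fragments and sample PATH are constructed for illustration, and only global `Defaults secure_path=` lines are modelled.

```shell
#!/bin/sh
# Added illustration. Models only global 'Defaults secure_path=' lines;
# per-user/host Defaults, exempt_group and includes are ignored (assumption).

# Print the secure_path value from a sudoers-style file (last setting wins).
secure_path_of() {  # $1 = file
    sed -n 's/^[[:space:]]*Defaults[[:space:]]\{1,\}secure_path[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# PATH searched by a command run through sudo: secure_path when set,
# otherwise whatever the invoking user exported.
effective_path() {  # $1 = file, $2 = invoking user's PATH
    sp=$(secure_path_of "$1")
    if [ -n "$sp" ]; then printf '%s\n' "$sp"; else printf '%s\n' "$2"; fi
}

# Who decides where a PATH lookup lands: "policy" or "caller".
path_controlled_by() {  # $1 = file
    if [ -n "$(secure_path_of "$1")" ]; then echo policy; else echo caller; fi
}

# Entries that resolve against the current directory (empty, ".", relative);
# worth flagging even inside a secure_path value.
non_absolute_entries() {  # $1 = PATH string
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
        case "$d" in
            /*) ;;
            '') echo '<empty>' ;;
            *)  printf '%s\n' "$d" ;;
        esac
    done
}

demo() {
    user_path='/home/alice/bin:/usr/bin'          # constructed caller PATH
    keep=$(mktemp); fixed=$(mktemp)               # constructed sudoers fragments
    printf '%s\n' 'Defaults env_reset' '%admin ALL=(ALL) ALL' > "$keep"
    printf '%s\n' 'Defaults env_reset' \
        'Defaults secure_path="/usr/local/sbin:/usr/sbin:/usr/bin"' \
        '%admin ALL=(ALL) ALL' > "$fixed"
    for f in "$keep" "$fixed"; do
        echo "PATH set by $(path_controlled_by "$f"): $(effective_path "$f" "$user_path")"
    done
    rm -f "$keep" "$fixed"
}
demo
```

On a real system the authoritative view is the output of `sudo -l` and the full sudoers policy, since per-user and per-host Defaults can override the global line.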