Hi,

On 02/08/2012 03:55 PM, Frédéric Grelot wrote:


> > As mentioned in my original mail, the helper uses PolicyKit to ask
> > for permission to redirect the device, it is PolicyKit which asks for
> > the root password, not the helper. In the blog post I linked to are
> > instructions to change the policy so that local (so behind the
> > keyboard of the actual machine) users don't need to enter any
> > password at all.
> >
> > Making these kinds of (security) policy decisions configurable is
> > exactly what PolicyKit is intended for. The root password asking
> > is caused by spice-gtk shipping with what I consider is a sane
> > default policy. Changing this is easy.
>
> Sorry, I didn't see the link. It explains a lot.
> Still, I don't know how PolicyKit works (based on policy I imagine?),
> but it would be a good idea to add a policy allowing newly plugged USB
> devices (as opposed to devices already present at spice client startup)
> to be used in a different manner (and the admin can set it to "no
> password" if he wants to). This would mitigate the issue that you
> pointed out where "this will give any local users of your machine FULL
> access to any USB devices plugged in!"

The suid helper is a short-lived process, which gets invoked
after a new device has been plugged in, so it cannot differentiate
between newly plugged in and already present devices. Besides that
plugging in devices requires physical access, what is to stop a user
from unplugging and re-plugging a device he wants to get access to,
thereby making it a newly plugged in device?

Regards,

Hans
_______________________________________________
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel