Re: Embarrassing security bug in systemd

To: debian-user@lists.debian.org
Subject: Re: Embarrassing security bug in systemd
From: Brian <ad44@cityscape.co.uk>
Date: Sat, 9 Dec 2017 20:35:53 +0000
Message-id: <[🔎] 09122017202742.ba6df54373f8@desktop.copernicus.org.uk>
In-reply-to: <[🔎] 20171209190717.kgeo7i6zzsgtygk4@ddeb.ddeb.net>
References: <[🔎] 8430b277-3757-8261-0e1e-23e274a0b49a@debian.org> <[🔎] p0dsbk$mn8$2@blaine.gmane.org> <[🔎] 1512747814.22891.12.camel@debian.org> <[🔎] 87zi6txfb1.fsf@genie.metacom.gr> <[🔎] 20171208192641.GB13298@chew> <[🔎] 08122017194852.99a70259a38c@desktop.copernicus.org.uk> <[🔎] 20171209075256.GC13298@chew> <[🔎] 09122017094146.5655db5cfe3f@desktop.copernicus.org.uk> <[🔎] 1512843601.1739.1.camel@debian.org> <[🔎] 20171209190717.kgeo7i6zzsgtygk4@ddeb.ddeb.net>

On Sat 09 Dec 2017 at 20:07:17 +0100, Dejan Jocic wrote:

> On 09-12-17, Jonathan Dowland wrote:
> > On Sat, 2017-12-09 at 10:00 +0000, Brian wrote:
> > > Consistencey can be achieved by not installing policykit. The OP
> > > appears to have chosen the wrong target.Consistencey can be achieved > by not installing policykit.
> > 
> > As Michael pointed out in [1], that's not the case; prior to polkit,
> > there was no consistency.
> > 
> > 
> > [1]  <[🔎] 8430b277-3757-8261-0e1e-23e274a0b49a@debian.org>
> > 
> 
> Is it anywhere in Debian documentation described how to achieve
> consistency in a way different than current defaults? Or, even better,
> is there way that we could get some kind of configuration option to
> achieve it? Polkit does not really have user friendly configuration and
> is not really something that system administrators configure on a
> everyday bases. At least not in my experience. Only thing that I did
> find about configuring polkit was from some other distros. Debian wiki
> page about PolicyKit is not really helpful.

Apart from not installing policykit, setting allow_active to "no" in
/usr/share/polkit-1/actions/org.freedesktop.login1.policy would do it.

Much better is to use /etc/polkit-1/localauthority. See the manual for
pklocalauthority.

-- 
Brian.

Reply to:

Follow-Ups:
- Re: Embarrassing security bug in systemd
  - From: Dejan Jocic <jodejka@gmail.com>

References:
- Re: Embarrassing security bug in systemd
  - From: Michael Biebl <biebl@debian.org>
- Re: Embarrassing security bug in systemd
  - From: deloptes <deloptes@gmail.com>
- Re: Embarrassing security bug in systemd
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Embarrassing security bug in systemd
  - From: Menelaos Maglis <mmaglis@metacom.gr>
- Re: Embarrassing security bug in systemd
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Embarrassing security bug in systemd
  - From: Brian <ad44@cityscape.co.uk>
- Re: Embarrassing security bug in systemd
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Embarrassing security bug in systemd
  - From: Brian <ad44@cityscape.co.uk>
- Re: Embarrassing security bug in systemd
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Embarrassing security bug in systemd
  - From: Dejan Jocic <jodejka@gmail.com>

Prev by Date: Re: Embarrassing security bug in systemd
Next by Date: Re: Embarrassing security bug in systemd
Previous by thread: Re: Embarrassing security bug in systemd
Next by thread: Re: Embarrassing security bug in systemd
Index(es):
- Date
- Thread