Re: Embarrassing security bug in systemd

To: debian-user@lists.debian.org
Subject: Re: Embarrassing security bug in systemd
From: Joe <joe@jretrading.com>
Date: Sun, 10 Dec 2017 09:18:03 +0000
Message-id: <[🔎] 20171210091803.514e4d15@jresid.jretrading.com>
In-reply-to: <[🔎] 20171209231359.outk2pvgjw4ypece@ddeb.ddeb.net>
References: <[🔎] p0dsbk$mn8$2@blaine.gmane.org> <[🔎] 1512747814.22891.12.camel@debian.org> <[🔎] 87zi6txfb1.fsf@genie.metacom.gr> <[🔎] 20171208192641.GB13298@chew> <[🔎] 08122017194852.99a70259a38c@desktop.copernicus.org.uk> <[🔎] 20171209075256.GC13298@chew> <[🔎] 09122017094146.5655db5cfe3f@desktop.copernicus.org.uk> <[🔎] 1512843601.1739.1.camel@debian.org> <[🔎] 20171209190717.kgeo7i6zzsgtygk4@ddeb.ddeb.net> <[🔎] 09122017202742.ba6df54373f8@desktop.copernicus.org.uk> <[🔎] 20171209231359.outk2pvgjw4ypece@ddeb.ddeb.net>

On Sun, 10 Dec 2017 00:13:59 +0100
Dejan Jocic <jodejka@gmail.com> wrote:


> 
> Man page for pklocalauthority is bit more helpful, but far from self
> explanatory. 

And not updated for Debian.

> In its examples section, it provides some insight about
> writing .pkla files, but it does not show all possible options, or at
> least I can't be sure that it does. For example:
> 
> [Exclude Some Problematic Users]
>            Identity=unix-user:homer;unix-user:grimes
>            Action=com.example.awesomeproduct.*
>            ResultAny=no
>            ResultInactive=no
>            ResultActive=auth_admin
> 
> According to that, and after reading man page for polkit, I can only
> deduct that .pkla file will for that example in that
> com.example.awesomeproduct.* files reads lines under defaults and
> "answer" on allow_any and allow_inactive with no value and on
> allow_active with auth_admin value. Fine, that can work. Guess that
> you can use wildecards for all users, like unix-user:*, but that is
> only guess, cause I can't see it documented anywhere ( might have
> missed it). What I also do not see anywhere is if those are the only
> options available? Or there is some man page, or additional
> documentation in Debian that can explain that?
> 
More examples, and in fact, all the Debian policies, are *.policy
files and under /usr/share/polkit-1, as Brian pointed out.

-- 
Joe

Reply to:

Follow-Ups:
- Re: Embarrassing security bug in systemd
  - From: Dejan Jocic <jodejka@gmail.com>

References:
- Re: Embarrassing security bug in systemd
  - From: deloptes <deloptes@gmail.com>
- Re: Embarrassing security bug in systemd
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Embarrassing security bug in systemd
  - From: Menelaos Maglis <mmaglis@metacom.gr>
- Re: Embarrassing security bug in systemd
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Embarrassing security bug in systemd
  - From: Brian <ad44@cityscape.co.uk>
- Re: Embarrassing security bug in systemd
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Embarrassing security bug in systemd
  - From: Brian <ad44@cityscape.co.uk>
- Re: Embarrassing security bug in systemd
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Embarrassing security bug in systemd
  - From: Dejan Jocic <jodejka@gmail.com>
- Re: Embarrassing security bug in systemd
  - From: Brian <ad44@cityscape.co.uk>
- Re: Embarrassing security bug in systemd
  - From: Dejan Jocic <jodejka@gmail.com>

Prev by Date: Re: kde in stretch is very usable
Next by Date: Re: on-screen artifacts (red pixels) at high resolution with Intel HD 630 (Kaby Lake)
Previous by thread: Re: Embarrassing security bug in systemd
Next by thread: Re: Embarrassing security bug in systemd
Index(es):
- Date
- Thread