[ale] why I love windows

Michael Trausch mike at trausch.us
Mon Jan 30 19:10:41 EST 2012


If done well, it could. The reason being that the user never actually gains
privilege; it gets rid of the need to trust whole programs, at the expense
of having to use modular components where you trust functions instead.

E.g., you don't configure sudo to spawn a program with root privilege. You
run a program as a user, and it makes calls over a bus to a component that
the sysadmin or distributor has enabled as trusted. So, you can call a
function to format a partition if you are allowed (i.e., you are given that
privilege and it isn't mounted), but you cannot actually spawn shell
commands.

--
Sent from my CyanogenMod mobile device.
Please excuse any typos.
On Jan 30, 2012 7:00 PM, "Richard Bronosky" <Richard at bronosky.com> wrote:

> A tool like that will never make sudo obsolete. Escalating privileges must
> be an intentional exercise. Just because my user has the right to escalate
> to root privileges does not mean I want to be able to rm -rf / without
> explicit-ness. That would lead to a different form of explicit-ness.
> On Jan 30, 2012 2:01 PM, "mike at trausch.us" <mike at trausch.us> wrote:
>
>> On 01/30/2012 01:46 PM, Jim Kinney wrote:
>> > Solution to the windows installer not running: (to install an .msi
>> > program an installer SERVICE must be running to understand what to do.
>> > what total crap.)
>>
>> I could see using a similar model for Linux systems; actually, most
>> desktop systems these days use privileged helper services so that they
>> can delegate certain types of authority without giving the user the
>> ability to actually change their active user accounts, for example.  If
>> enough other infrastructure-y components were written for it, it would
>> be possible to do things like say “user Foo Bag can install software
>> packages but not remove them”, or “user Bar Bag can remove software
>> packages but not install them” for example.
>>
>> The major difference, though, is that IIRC PolicyKit doesn’t require that
>> services are running all the time.  It simply requires that they be
>> registered with D-Bus or something so that they can be spawned when
>> needed.  Services using that interface are free to exit immediately or
>> after an application-determined period of inactivity.
>>
>> I need to get around to looking at applications that use PolicyKit so
>> that I can more completely understand how to use it, but I think that
>> the split there is very nice; it could potentially make tools like sudo
>> obsolete.  There are even command-line applications that have been
>> experimentally ported to use PolicyKit, though I cannot remember any of
>> them off the top of my head.
>>
>>        --- Mike
>>
>> --
>> A man who reasons deliberately, manages it better after studying Logic
>> than he could before, if he is sincere about it and has common sense.
>>                                   --- Carveth Read, “Logic”
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
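The model discussed above (an unprivileged caller asks a privileged helper over a bus for a named action, the helper checks whether that caller holds the action and validates the arguments itself, and no shell is ever spawned) can be sketched in a few dozen lines. The code below is an added illustration and not from the list thread, PolicyKit or D-Bus; the action names, the policy table, the `PrivilegedHelper` class, the `/proc/mounts` snapshot and the device list are all constructed for the example. It covers the two cases the thread raises: "Foo can install packages but not remove them, Bar can remove but not install", and "format a partition only if you hold that privilege and it is not mounted".

```python
"""Toy privileged helper behind a message bus, with per-action policy.

Constructed for illustration: action names, policy and helper API are
invented here and are not PolicyKit's or D-Bus's real interfaces.
"""
import re
from dataclasses import dataclass, field

# Constructed policy table: the set of named actions each user may invoke.
POLICY = {
    "foo": {"org.example.pkg.install"},
    "bar": {"org.example.pkg.remove"},
    "root": {"org.example.pkg.install", "org.example.pkg.remove",
             "org.example.disk.format"},
}

# Constructed snapshot of mounted filesystems, in /proc/mounts layout.
PROC_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw 0 0
"""

KNOWN_DEVICES = {"/dev/sda1", "/dev/sda2", "/dev/sdb1"}  # constructed
PKG_NAME = re.compile(r"^[a-z0-9][a-z0-9+.-]*$")       # Debian-style names


class Denied(Exception):
    """Raised when policy does not grant the caller the requested action."""


def mounted_devices(proc_mounts: str) -> set:
    """Return the device column of a /proc/mounts-style listing."""
    return {line.split()[0] for line in proc_mounts.splitlines() if line.strip()}


@dataclass
class PrivilegedHelper:
    """Stand-in for a bus-activated helper that runs with privilege.

    Callers never gain privilege themselves; they can only request one of
    the registered actions, and each action validates its own arguments.
    """
    installed: set = field(default_factory=lambda: {"vim"})
    mounts: str = PROC_MOUNTS
    audit: list = field(default_factory=list)

    def call(self, caller: str, action: str, **args):
        """Handle one bus request: authorize the caller, then run the handler."""
        handlers = {
            "org.example.pkg.install": self._install,
            "org.example.pkg.remove": self._remove,
            "org.example.disk.format": self._format,
        }
        if action not in handlers:
            raise ValueError(f"unknown action {action!r}")
        if action not in POLICY.get(caller, set()):
            self.audit.append(f"DENY {caller} {action}")
            raise Denied(f"{caller!r} is not authorized for {action}")
        result = handlers[action](**args)
        self.audit.append(f"ALLOW {caller} {action} {args}")
        return result

    @staticmethod
    def _check_pkg(package: str) -> str:
        # Arguments are data, never a command line: reject anything that is
        # not a plain package name, e.g. "curl; rm -rf /".
        if not PKG_NAME.match(package):
            raise ValueError(f"bad package name {package!r}")
        return package

    def _install(self, package: str) -> bool:
        self.installed.add(self._check_pkg(package))
        return True

    def _remove(self, package: str) -> bool:
        self.installed.discard(self._check_pkg(package))
        return True

    def _format(self, device: str) -> list:
        if device not in KNOWN_DEVICES:
            raise ValueError(f"{device!r} is not a known block device")
        if device in mounted_devices(self.mounts):
            raise ValueError(f"{device!r} is mounted; refusing to format")
        # A real helper would hand this argv list straight to exec (no shell);
        # the toy returns it instead of running mkfs.
        return ["mkfs.ext4", device]


if __name__ == "__main__":
    helper = PrivilegedHelper()
    print(helper.call("foo", "org.example.pkg.install", package="curl"))
    try:
        helper.call("foo", "org.example.pkg.remove", package="vim")
    except Denied as exc:
        print("denied:", exc)
    print(helper.call("root", "org.example.disk.format", device="/dev/sdb1"))
    print("\n".join(helper.audit))
```

Two design points carry the security weight: authorization is keyed on a narrow action name rather than on "may run as root", so a user granted install cannot remove and vice versa; and every argument is validated by the helper as data, so there is no string that could become a shell command, which is the property that distinguishes this from a sudo rule that hands over a whole program.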