[ale] why I love windows

Jim Kinney jim.kinney at gmail.com
Mon Jan 30 22:12:35 EST 2012


The capability you seek is in SELinux, not a hodgepodge of userland config
libraries.
On Jan 30, 2012 7:11 PM, "Michael Trausch" <mike at trausch.us> wrote:

> If done well, it could. The reason being that the user never actually
> gains privilege; it gets rid of the need to trust whole programs, at the
> expense of having to use modular components where you trust functions
> instead.
>
> E.g., you don't configure sudo to spawn a program with root privilege. You
> run a program as a user, and it makes calls over a bus to a component that
> the sysadmin or distributor has enabled as trusted. So, you can call a
> function to format a partition if you are allowed (i.e., you are given that
> privilege and it isn't mounted), but you cannot actually spawn shell
> commands.
>
> --
> Sent from my CyanogenMod mobile device.
> Please excuse any typos.
> On Jan 30, 2012 7:00 PM, "Richard Bronosky" <Richard at bronosky.com> wrote:
>
>> A tool like that will never make sudo obsolete. Escalating privileges
>> must be an intentional exercise. Just because my user has the right to
>> escalate to root privileges does not mean I want to be able to rm -rf /
>> without explicit-ness. That would lead to a different form of explicit-ness.
>> On Jan 30, 2012 2:01 PM, "mike at trausch.us" <mike at trausch.us> wrote:
>>
>>> On 01/30/2012 01:46 PM, Jim Kinney wrote:
>>> > Solution to the windows installer not running: (to install an .msi
>>> > program an installer SERVICE must be running to understand what to do.
>>> > what total crap.)
>>>
>>> I could see using a similar model for Linux systems; actually, most
>>> desktop systems these days use privileged helper services so that they
>>> can delegate certain types of authority without giving the user the
>>> ability to actually change their active user accounts, for example.  If
>>> enough other infrastructure-y components were written for it, it would
>>> be possible to do things like say “user Foo Bag can install software
>>> packages but not remove them”, or “user Bar Bag can remove software
>>> packages but not install them” for example.
>>>
>>> The major difference, though, is that IIRC PolicyKit doesn’t require that
>>> services are running all the time.  It simply requires that they be
>>> registered with D-Bus or something so that they can be spawned when
>>> needed.  Services using that interface are free to exit immediately or
>>> after an application-determined period of inactivity.
>>>
>>> I need to get around to looking at applications that use PolicyKit so
>>> that I can more completely understand how to use it, but I think that
>>> the split there is very nice; it could potentially make tools like sudo
>>> obsolete.  There are even command-line applications that have been
>>> experimentally ported to use PolicyKit, though I cannot remember any of
>>> them off the top of my head.
>>>
>>>        --- Mike
>>>
>>> --
>>> A man who reasons deliberately, manages it better after studying Logic
>>> than he could before, if he is sincere about it and has common sense.
>>>                                   --- Carveth Read, “Logic”
>>>
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>>>
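The split described at the bottom of the quoted thread (one user may install packages but not remove them, another the reverse) can be written as a rule in the JavaScript rules format used by current polkit releases. This is an added example, not part of any poster's message: the user names `foo` and `bar`, the `GRANTS` table and the `authorize()` stand-in for polkitd's rule evaluation are assumptions, while the action ids are PackageKit's.

```javascript
// Minimal stand-in for the `polkit` object polkitd provides to rules files,
// so the rule below can be exercised outside the daemon (assumption).
var polkit = {
  Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin" },
  _rules: [],
  addRule: function (fn) { this._rules.push(fn); }
};

var INSTALL = "org.freedesktop.packagekit.package-install";
var REMOVE = "org.freedesktop.packagekit.package-remove";

// Hypothetical per-user grants: the privilege is attached to a function
// (a polkit action), never to a shell or a whole program run as root.
var GRANTS = {};
GRANTS.foo = {};
GRANTS.foo[INSTALL] = true;   // foo may install ...
GRANTS.foo[REMOVE] = false;   // ... but not remove
GRANTS.bar = {};
GRANTS.bar[INSTALL] = false;  // bar may not install ...
GRANTS.bar[REMOVE] = true;    // ... but may remove

polkit.addRule(function (action, subject) {
  var has = Object.prototype.hasOwnProperty;
  if (!has.call(GRANTS, subject.user)) return undefined;  // not our user
  var grant = GRANTS[subject.user];
  if (!has.call(grant, action.id)) return undefined;      // not our action
  if (!grant[action.id]) return polkit.Result.NO;
  // Grant without a prompt only to a local, active session; anything
  // else (e.g. a remote login) must still authenticate as an admin.
  return (subject.local && subject.active)
    ? polkit.Result.YES
    : polkit.Result.AUTH_ADMIN;
});

// Stand-in for polkitd's evaluation order: the first rule that returns a
// value decides; otherwise the action's default applies (modelled here
// as AUTH_ADMIN, an assumption).
function authorize(actionId, subject) {
  for (var i = 0; i < polkit._rules.length; i++) {
    var result = polkit._rules[i]({ id: actionId }, subject);
    if (result !== undefined && result !== null) return result;
  }
  return polkit.Result.AUTH_ADMIN;
}
```

Only the `polkit.addRule(...)` call and the tables it reads belong in a rules file; the stand-in object and `authorize()` exist so the decisions can be checked without polkitd.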