Date: Mon, 18 Jan 2021 19:38:42 -0500 From: Steve Wills <swills@FreeBSD.org> To: Kurt Jaeger <pi@freebsd.org> Cc: Pau Amma <pauamma@gundo.com>, freebsd-ports@freebsd.org Subject: Re: Removing sysutils/polkit dependency from sysutils/libudisks? Message-ID: <e912cee8-7a86-2982-f97b-78e5326ce17c@FreeBSD.org> In-Reply-To: <YAPyth1avVz6JPmG@home.opsec.eu> References: <db419cf283ceb73f0aa42d46768a4ff7@gundo.com> <bdbdbfed-1365-46b2-ada0-f5c644d464d0@FreeBSD.org> <YAPyth1avVz6JPmG@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On 1/17/21 3:17 AM, Kurt Jaeger wrote: > Hi! > > Can you tell us the reason behind this opinion ? Is it generally > buggy, does polkit violate some general design policy for apps etc ? * There's one part of polkit, pkexec, which is suid and linked to some libs that really aren't designed to be used in suid binaries. * It uses spidermonkey to parse javascript policies, but aparently doesn't use it correctly[1]. It has a number of open issues[2] which have been open a while, but aren't addressed. * The project doesn't look terribly active. * Merge requests which look ready to commit aren't merged[3]. * The default policy gives everyone in wheel root access. So, to me, the features it provides don't seem worth it. I have removed it from my local system with some local patches and it seems to work fine. I haven't missed it at all. Anyway, just my $0.02. Cheers, Steve 1: https://gitlab.freedesktop.org/polkit/polkit/-/issues/97 2: https://gitlab.freedesktop.org/polkit/polkit/-/issues 3: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e912cee8-7a86-2982-f97b-78e5326ce17c>